changed the glob_url() call, after Janne Johansson's buffer overflow report

src/main.c

@@ -961,12 +961,16 @@ int main(int argc, char *argv[])
     return URG_FAILED_INIT;
   }
 #if 0
-    fprintf(stderr, "URL: %s PROXY: %s\n", url, config.proxy?config.proxy:"none");
+  fprintf(stderr, "URL: %s PROXY: %s\n", url, config.proxy?config.proxy:"none");
 #endif
 
 #ifdef GLOBURL
-  urlnum = glob_url(&urls, url);	/* expand '{...}' and '[...]' expressions and return
-					   total number of URLs in pattern set */
+  /* expand '{...}' and '[...]' expressions and return total number of URLs
+     in pattern set */
+  res = glob_url(&urls, url, &urlnum);
+  if(res != URG_OK)
+    return res;
+
   outfiles = config.outfile;		/* save outfile pattern befor expansion */
   if (!outfiles && !config.remotefile && urlnum > 1) {
 #ifdef CURL_SEPARATORS

src/urlglob.c

@@ -204,17 +204,22 @@ int glob_word(char *pattern, int pos) {
   exit (URG_FAILED_INIT);
 }
 
-int glob_url(URLGlob** glob, char* url) {
-  int urlnum;		/* counts instances of a globbed pattern */
+int glob_url(URLGlob** glob, char* url, int *urlnum)
+{
+  if (strlen(url)>URL_MAX_LENGTH) {
+    printf("Illegally sized URL\n");
+    return URG_URL_MALFORMAT;
+  }
 
   glob_expand = (URLGlob*)malloc(sizeof(URLGlob));
   glob_expand->size = 0;
-  urlnum = glob_word(url, 1);
+  *urlnum = glob_word(url, 1);
   *glob = glob_expand;
-  return urlnum;
+  return URG_OK;
 }
 
-char *next_url(URLGlob *glob) {
+char *next_url(URLGlob *glob)
+{
   static int beenhere = 0;
   char *buf = glob_buffer;
   URLPattern *pat;

src/urlglob.h

@@ -67,7 +67,7 @@ typedef struct {
   int size;
 } URLGlob;
 
-int glob_url(URLGlob**, char*);
+int glob_url(URLGlob**, char*, int *);
 char* next_url(URLGlob*);
 char* match_url(char*, URLGlob);