mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Daniel Stenberg 5ca96cb844 urlglob: better detect unclosed braces, empty lists and overflows
A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detect
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that are smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single-entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
2013-08-16 11:52:08 +02:00
CMake cmake: use standard findxxx modules for cmake v2.8+ 2012-09-17 23:22:09 +02:00
docs THANKS: added contributors from the 7.32.0 release notes 2013-08-11 23:43:32 +02:00
include version number: bump to 7.32.1 for now 2013-08-12 13:16:44 +02:00
lib ftp: convert state names to a global array 2013-08-14 22:41:30 +02:00
m4 configure: warn on bad env variable use, don't error 2013-08-05 09:31:59 +02:00
packages VMS: Add RELEASE-NOTES to vms document 2013-08-15 10:57:52 +02:00
perl removed trailing whitespace 2011-12-30 03:36:18 +01:00
src urlglob: better detect unclosed braces, empty lists and overflows 2013-08-16 11:52:08 +02:00
tests urlglob: better detect unclosed braces, empty lists and overflows 2013-08-16 11:52:08 +02:00
vs move msvc IDE related files to 'vs' directory tree 2013-02-13 17:14:21 +01:00
winbuild msvc: move Makefile.msvc.names into winbuild/ 2013-02-06 23:14:11 +01:00
.gitattributes Tell git to not convert configure-related files. 2012-07-17 20:35:23 +02:00
.gitignore repository: ignore patch files generated by git 2013-02-22 23:22:22 +01:00
acinclude.m4 CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling 2013-04-18 23:37:56 +02:00
buildconf Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
buildconf.bat curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
CHANGES CHANGES: move all contents from CHANGES to CHANGES.0 2010-06-21 22:27:39 +02:00
CHANGES.0 removed trailing whitespace 2011-12-30 03:36:18 +01:00
CMakeLists.txt cmake: Fix mingw build 2013-02-04 22:35:09 +01:00
configure.ac configure: fix 'subdir-objects' distclean related issue 2013-07-18 04:48:33 +02:00
COPYING COPYING: Updated copyright year to include 2013 2013-02-05 23:05:50 +00:00
CTestConfig.cmake ENH: move dashboard location 2009-07-15 19:40:46 +00:00
curl-config.in curl-config.in: replace tabs by spaces 2013-06-22 22:08:42 +02:00
GIT-INFO curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
install-sh install-sh: updated to support multiple source files as arguments 2013-02-13 15:47:54 +01:00
libcurl.pc.in build: prevent global LIBS from influencing src and lib build targets 2012-12-03 22:41:18 +01:00
log2changes.pl log2changes.pl: fix the Version output 2012-06-07 23:50:00 +02:00
MacOSX-Framework OS X framework: fix invalid symbolic link 2013-05-09 21:51:35 +02:00
Makefile.am move msvc IDE related files to 'vs' directory tree 2013-02-13 17:14:21 +01:00
Makefile.dist Added winssl-zlib target to VC builds. 2013-07-08 17:46:15 +02:00
maketgz maketgz: make bzip2 creation work with Parallel BZIP2 too 2013-04-18 11:13:56 +02:00
missing renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:25:14 +00:00
mkinstalldirs install-sh: updated to support multiple source files as arguments 2013-02-13 15:47:54 +01:00
README various changes of CVS to git 2010-03-22 00:34:09 +01:00
RELEASE-NOTES version number: bump to 7.32.1 for now 2013-08-12 13:16:44 +02:00
TODO-RELEASE TODO-RELEASE: cleaned up, not really maintained lately 2013-04-08 08:32:10 +02:00

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.