curl/src
Daniel Stenberg 5ca96cb844 urlglob: better detect unclosed braces, empty lists and overflows
A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detect
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that are smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64-bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single-entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
2013-08-16 11:52:08 +02:00
..
macos curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
.gitignore curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
CMakeLists.txt cmake: Fix for MSVC2010 project generation 2013-07-17 00:26:58 +02:00
Makefile.Watcom Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
Makefile.am build: fixed unit1394 for debug and metlink builds 2013-05-06 23:28:04 +02:00
Makefile.b32 Makefile.b32: Borland makefile adjustments. Tested with BCC 5.5.1 2013-07-19 12:33:11 +02:00
Makefile.inc curl: follow-up for commit 5af2bfb9 2013-07-31 15:36:56 +02:00
Makefile.m32 Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
Makefile.netware Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
Makefile.vc6 Added winssl-zlib target to VC builds. 2013-07-08 17:46:15 +02:00
curl.rc curl tool: reviewed code moved to tool_*.[ch] files 2011-10-06 17:39:00 +02:00
makefile.amiga Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables 2013-01-20 04:20:02 +01:00
makefile.dj Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables 2013-01-20 04:20:02 +01:00
mkhelp.pl Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_binmode.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_binmode.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_bname.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_bname.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_cb_dbg.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cb_dbg.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_cb_hdr.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cb_hdr.h Fixes allowing 26 more test cases in 1334 to 1393 range to succeed 2012-06-09 05:49:49 +02:00
tool_cb_prg.c curl: second follow-up for commit 5af2bfb9 2013-08-01 12:25:01 +02:00
tool_cb_prg.h curl: --progress-bar max update frequency now at 5Hz 2013-07-31 13:41:00 +02:00
tool_cb_rea.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cb_rea.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_cb_see.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cb_see.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_cb_wrt.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cb_wrt.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_cfgable.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_cfgable.h src/tool: allow timeouts to accept decimal values 2013-07-14 23:04:05 +02:00
tool_convert.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_convert.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_dirhie.c checksrc: ban unsafe functions 2013-03-07 11:08:05 +01:00
tool_dirhie.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_doswin.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_doswin.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_easysrc.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_easysrc.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_formparse.c formpost: support quotes, commas and semicolon in file names 2013-01-22 15:43:29 +01:00
tool_formparse.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_getparam.c curl: make --no-[option] work properly for several options 2013-08-14 11:39:04 +02:00
tool_getparam.h unit1394.c: plug the curl tool unit test in 2013-05-06 15:03:13 +02:00
tool_getpass.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_getpass.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_help.c --help: fix the --sasl-ir in the help output 2013-08-14 22:39:58 +02:00
tool_help.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_helpers.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_helpers.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_homedir.c VMS: fix and generate the VMS build config 2013-02-05 23:08:57 +01:00
tool_homedir.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_hugehelp.c.cvs curl tool: rename hugehelp files to tool_hugehelp 2012-12-26 23:34:41 +01:00
tool_hugehelp.h curl tool: rename hugehelp files to tool_hugehelp 2012-12-26 23:34:41 +01:00
tool_libinfo.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_libinfo.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_main.c src/Makefile.am: build static lib for unit tests if enabled 2013-05-06 15:03:12 +02:00
tool_main.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_metalink.c md5 & metalink: use better build macros on Apple operating systems 2013-07-30 20:20:20 -06:00
tool_metalink.h metalink_cleanup: yet another follow-up fix 2013-02-15 13:45:28 +01:00
tool_mfiles.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_mfiles.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_msgs.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_msgs.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_operate.c urlglob: better detect unclosed braces, empty lists and overflows 2013-08-16 11:52:08 +02:00
tool_operate.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_operhlp.c tool_operhlp.c: fix add_file_name_to_url() OOM handling 2013-07-29 18:32:39 +02:00
tool_operhlp.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_panykey.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_panykey.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_paramhlp.c src/tool: allow timeouts to accept decimal values 2013-07-14 23:04:05 +02:00
tool_paramhlp.h src/tool: allow timeouts to accept decimal values 2013-07-14 23:04:05 +02:00
tool_parsecfg.c checksrc: ban unsafe functions 2013-03-07 11:08:05 +01:00
tool_parsecfg.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_sdecls.h Include metalink/metalink.h for libmetalink functions 2012-07-02 03:39:21 +02:00
tool_setopt.c curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output 2013-07-22 21:40:44 +02:00
tool_setopt.h curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output 2013-07-22 21:40:44 +02:00
tool_setup.h vms_show: post VMS patch cleanup - II 2013-02-06 04:51:55 +01:00
tool_sleep.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_sleep.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_urlglob.c urlglob: better detect unclosed braces, empty lists and overflows 2013-08-16 11:52:08 +02:00
tool_urlglob.h urlglob: better detect unclosed braces, empty lists and overflows 2013-08-16 11:52:08 +02:00
tool_util.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_util.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_version.h curl tool: reviewed code moved to tool_*.[ch] files 2011-10-06 17:39:00 +02:00
tool_vms.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_vms.h vms_show: post VMS patch cleanup - II 2013-02-06 04:51:55 +01:00
tool_writeenv.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_writeenv.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_writeout.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_writeout.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
tool_xattr.c Revert changes relative to lib/*.[ch] recent renaming 2013-01-06 18:20:27 +01:00
tool_xattr.h curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00