glob: do not continue parsing after a strtoul() overflow range (453e7a7a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

src/tool_urlglob.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob glob, char *patternp,
		}
		errno = 0;
		max_n = strtoul(pattern, &endp, 10);
		if(errno \|\| (*endp == ':')) {
		if(errno)
		/* overflow */
		endp = NULL;
		else if(*endp == ':') {
		pattern = endp+1;
		errno = 0;
		step_n = strtoul(pattern, &endp, 10);

+1 −1

Original line number	Diff line number	Diff line
		@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
		test1260 test1261 test1262 \
		\
		test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
		test1288 \
		test1288 test1289 \
		test1298 test1299 \
		test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
		test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \

0 → 100644

+35 −0

Original line number	Diff line number	Diff line
		<testcase>
		<info>
		<keywords>
		HTTP
		HTTP GET
		globbing
		</keywords>
		</info>

		#
		# Server-side
		<reply>
		</reply>

		# Client-side
		<client>
		<server>
		http
		</server>
		<name>
		globbing with overflow and bad syntxx
		</name>
		<command>
		http://ur%20[0-60000000000000000000
		</command>
		</client>

		# Verify data after the test has been "shot"
		<verify>
		# curl: (3) [globbing] bad range in column
		<errorcode>
		3
		</errorcode>
		</verify>
		</testcase>