Commit 584d0121 authored Jun 03, 2016 by Kamil Dudka

tool_urlglob: fix off-by-one error in glob_parse()

... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757

parent 873b4346

RELEASE-NOTES

+2 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ This release includes the following bugfixes:
		o URL parser: allow URLs to use one, two or three slashes [6]
		o curl: fix -q [regression] [7]
		o openssl: Use correct buffer sizes for error messages [8]
		o curl: fix SIGSEGV while parsing URL with too many globs [9]

		This release includes the following known bugs:

		@@ -43,3 +44,4 @@ References to bug reports and discussions on issues:
		[6] = https://curl.haxx.se/bug/?i=791
		[7] = https://curl.haxx.se/bug/?i=842
		[8] = https://curl.haxx.se/bug/?i=844
		[9] = https://bugzilla.redhat.com/1340757

src/tool_urlglob.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -401,7 +401,7 @@ static CURLcode glob_parse(URLGlob glob, char pattern,
		}
		}

		if(++glob->size > GLOB_PATTERN_NUM)
		if(++glob->size >= GLOB_PATTERN_NUM)
		return GLOBERROR("too many globs", pos, CURLE_URL_MALFORMAT);
		}
		return res;