Commit 5fa028e5 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

urlglob: fix division by zero 

The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.

Reported-by: GwanYeong Kim
parent f6dff827

src/tool_urlglob.c

+5 −1
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ static CURLcode glob_fixed(URLGlob *glob, char *fixed, size_t len) 
static int multiply(unsigned long *amount, long with)

{

  unsigned long sum = *amount * with;

  if(!with) {

    *amount = 0;

    return 0;

  }

  if(sum/with != *amount)

    return 1; /* didn't fit, bail out */

  *amount = sum;