range: prevent negative end number in a glob range (fbb5f1aa) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

src/tool_urlglob.c

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -257,6 +257,12 @@ static CURLcode glob_range(URLGlob glob, char *patternp,
	endp = NULL;		endp = NULL;
	else {		else {
	pattern = endp+1;		pattern = endp+1;
			while(pattern && ISBLANK(pattern))
			pattern++;
			if(!ISDIGIT(*pattern)) {
			endp = NULL;
			goto fail;
			}
	errno = 0;		errno = 0;
	max_n = strtoul(pattern, &endp, 10);		max_n = strtoul(pattern, &endp, 10);
	if(errno \|\| (*endp == ':')) {		if(errno \|\| (*endp == ':')) {
	@@ -277,6 +283,7 @@ static CURLcode glob_range(URLGlob glob, char *patternp,
	}		}
	}		}

			fail:
	posp += (pattern - patternp);		posp += (pattern - patternp);

	if(!endp \|\| (min_n > max_n) \|\| (step_n > (max_n - min_n)) \|\| !step_n)		if(!endp \|\| (min_n > max_n) \|\| (step_n > (max_n - min_n)) \|\| !step_n)