author | Daniel Stenberg <daniel@haxx.se> | 2018-01-13 21:52:15 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-01-17 10:41:38 +0100 |
commit | cb5accab9ee3abdee777b59b463b5e0ca05a490a (patch) | |
tree | 7ccac75f5e82e7975d3afc449f6b331cc88e0584 /lib | |
parent | 25c40c9af97782c9d475e765d50eaac071fd7d91 (diff) |
ftp-wildcard: fix matching an empty string with "*[^a]"
.... and avoid advancing the pointer to trigger an out of buffer read.
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond
Diffstat (limited to 'lib')
-rw-r--r-- | lib/curl_fnmatch.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c index 8a1e106c4..5638e167a 100644 --- a/lib/curl_fnmatch.c +++ b/lib/curl_fnmatch.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -376,7 +376,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string) if(found) { p = pp + 1; - s++; + if(*s) + /* don't advance if we're matching on an empty string */ + s++; memset(charset, 0, CURLFNM_CHSET_SIZE); } else |
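Review bot: In the `if(found)` branch of `loop()` (hunk at -376), guarding `s++` with `if(*s)` stops the pointer from moving past the terminator, but the branch still sets `p = pp + 1` and carries on when `*s` is zero, so the bracket set is accepted without consuming a character. If a set such as `[^a]` is not meant to match the terminating NUL, return the no-match result at this point when `*s` is zero instead of only skipping the increment. The comment also sits between the braceless `if(*s)` and its `s++;`, which makes the guarded statement easy to misread; move the comment above the `if` or add braces. A regression test for the pattern `"*[^a]"` against an empty string would pin down the intended result.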