From 6482773d30c96fe886c294036acbc8ad2130bc31 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 27 May 2018 23:24:27 +0200
Subject: fnmatch: insist on escaped bracket to match

A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614
---
 lib/curl_fnmatch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/curl_fnmatch.c')

diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 268fe79b3..bd4e61f4e 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -334,9 +334,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string,
         s++;
         break;
       }
+      /* Syntax error in set; mismatch! */
+      return CURL_FNMATCH_NOMATCH;
 
-      /* Syntax error in set: this must be taken as a regular character. */
-      /* FALLTHROUGH */
     default:
       if(*p++ != *s++)
         return CURL_FNMATCH_NOMATCH;
-- 
cgit v1.2.3