From 61f4cdb73ae489e9a756d567bfe99dc2471735b7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 8 Oct 2010 23:12:34 +0200 Subject: globbing: fix crash on unballanced open brace Having an open brace without a closing brace caused a segfault. Having a closing brace too many caused a silent error to occur, which caused curl to bail out and return an error code but no error message was shown. It does now! All error message outputs no longer wrongly get _two_ newlines written after the error message. Reported by: Vlad Ureche Bug: http://curl.haxx.se/bug/view.cgi?id=3083942 --- src/urlglob.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/urlglob.c b/src/urlglob.c index e49b762f5..590c37ae8 100644 --- a/src/urlglob.c +++ b/src/urlglob.c @@ -107,7 +107,7 @@ static GlobCode glob_set(URLGlob *glob, char *pattern, /* always check for a literal (may be "") between patterns */ if(GLOB_ERROR == glob_word(glob, ++pattern, ++pos, &wordamount)) - wordamount=1; + return GLOB_ERROR; *amount = pat->content.Set.size * wordamount; done = TRUE; @@ -262,8 +262,11 @@ static GlobCode glob_word(URLGlob *glob, char *pattern, *amount = 1; /* default is one single string */ while (*pattern != '\0' && *pattern != '{' && *pattern != '[') { - if (*pattern == '}' || *pattern == ']') + if (*pattern == '}' || *pattern == ']') { + snprintf(glob->errormsg, sizeof(glob->errormsg), + "unmatched close brace/bracket at pos %zu\n", pos); return GLOB_ERROR; + } /* only allow \ to escape known "special letters" */ if (*pattern == '\\' && @@ -335,7 +338,7 @@ int glob_url(URLGlob** glob, char* url, int *urlnum, FILE *error) else { if(error && glob_expand->errormsg[0]) { /* send error description to the error-stream */ - fprintf(error, "curl: (%d) [globbing] %s\n", + fprintf(error, "curl: (%d) [globbing] %s", CURLE_URL_MALFORMAT, glob_expand->errormsg); } /* it failed, we cleanup */ -- cgit v1.2.3