[GNUnet-SVN] [gnurl] 113/125: ftp-wildcard: fix matching an empty string
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 113/125: ftp-wildcard: fix matching an empty string with "*[^a]"
Date: Sun, 21 Jan 2018 23:42:48 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit cb5accab9ee3abdee777b59b463b5e0ca05a490a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sat Jan 13 21:52:15 2018 +0100
ftp-wildcard: fix matching an empty string with "*[^a]"
.... and avoid advancing the pointer to trigger an out of buffer read.
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond
---
lib/curl_fnmatch.c | 6 ++++--
tests/unit/unit1307.c | 25 ++++++++++++-------------
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 8a1e106c4..5638e167a 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -376,7 +376,9 @@ static int loop(const unsigned char *pattern, const
unsigned char *string)
if(found) {
p = pp + 1;
- s++;
+ if(*s)
+ /* don't advance if we're matching on an empty string */
+ s++;
memset(charset, 0, CURLFNM_CHSET_SIZE);
}
else
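Review bot: in the `if(found)` branch, guarding only `s++` with `if(*s)` still lets `p = pp + 1` consume the bracket expression when `*s` is the terminating NUL, so a set such as `[^a]` counts as matched without any character being consumed. The guard keeps the pointer inside the buffer, but it implies this branch is reached with the terminator as the character under test, and the new unit1307 case pins `"*[^a]"` against `""` as MATCH. If a bracket expression is meant to match exactly one character, testing for `*s == 0` before the set lookup and returning CURL_FNMATCH_NOMATCH there would remove the over-read and the empty-string match together. Separately, the comment sits between `if(*s)` and its unbraced body; braces around `s++` would make the guarded statement unambiguous.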
diff --git a/tests/unit/unit1307.c b/tests/unit/unit1307.c
index 576462274..c5ec587a5 100644
--- a/tests/unit/unit1307.c
+++ b/tests/unit/unit1307.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -27,12 +27,9 @@
#define NOMATCH CURL_FNMATCH_NOMATCH
#define RE_ERR CURL_FNMATCH_FAIL
-#define MAX_PATTERN_L 100
-#define MAX_STRING_L 100
-
struct testcase {
- char pattern[MAX_PATTERN_L];
- char string[MAX_STRING_L];
+ const char *pattern;
+ const char *string;
int result;
};
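Review bot: the reason for replacing `char pattern[MAX_PATTERN_L]` and `char string[MAX_STRING_L]` with `const char *` is not stated in the commit message or in a comment on `struct testcase`. With the old 100-byte arrays, every short test string was followed by zero padding, so a read one byte past the terminator stayed inside the array and the unit test could not expose it; pointing at string literals removes that padding. A one-line comment on the struct saying the strings are deliberately unpadded would stop a later change from reintroducing fixed-size buffers.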
@@ -100,6 +97,8 @@ static const struct testcase tests[] = {
{ "*[^a].t?t", "a.txt", NOMATCH },
{ "*[^a].t?t", "ba.txt", NOMATCH },
{ "*[^a].t?t", "ab.txt", MATCH },
+ { "*[^a]", "", MATCH },
+ { "[!ΓΏ]", "", MATCH },
{ "[!?*[]", "?", NOMATCH },
{ "[!!]", "!", NOMATCH },
{ "[!!]", "x", MATCH },
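Review bot: the second added case, the `[!...]` pattern matched against `""`, carries raw non-ASCII bytes inside the string literal, so which bytes the test exercises depends on how the source file is encoded and decoded (it already renders differently in this mail). Writing the intended byte with an escape sequence in the literal would make the test independent of file encoding. Both new cases also cover only negated sets against the empty string; a non-negated set such as `"[a]"` against `""` with the expected result spelled out would document the other side of the boundary.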
@@ -119,17 +118,17 @@ static const struct testcase tests[] = {
{ "[[:lower:]]", "l", MATCH },
{ "[[:lower:]]", "L", NOMATCH },
{ "[[:print:]]", "L", MATCH },
- { "[[:print:]]", {'\10'}, NOMATCH },
- { "[[:print:]]", {'\10'}, NOMATCH },
+ { "[[:print:]]", "\10", NOMATCH },
+ { "[[:print:]]", "\10", NOMATCH },
{ "[[:space:]]", " ", MATCH },
{ "[[:space:]]", "x", NOMATCH },
{ "[[:graph:]]", " ", NOMATCH },
{ "[[:graph:]]", "x", MATCH },
- { "[[:blank:]]", {'\t'}, MATCH },
- { "[[:blank:]]", {' '}, MATCH },
- { "[[:blank:]]", {'\r'}, NOMATCH },
- { "[^[:blank:]]", {'\t'}, NOMATCH },
- { "[^[:print:]]", {'\10'}, MATCH },
+ { "[[:blank:]]", "\t", MATCH },
+ { "[[:blank:]]", " ", MATCH },
+ { "[[:blank:]]", "\r", NOMATCH },
+ { "[^[:blank:]]", "\t", NOMATCH },
+ { "[^[:print:]]", "\10", MATCH },
{ "[[:lower:]][[:lower:]]", "ll", MATCH },
{ "Curl[[:blank:]];-)", "Curl ;-)", MATCH },
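Review bot: the entry `{ "[[:print:]]", "\10", NOMATCH }` appears twice in a row after the conversion, as it did before it, so one of the two adds no coverage and can be dropped or replaced with a different control character. The escape `"\10"` is octal, which is byte 0x08 (backspace), not decimal 10; `"\b"` or `"\x08"` would say the same thing without inviting a misreading as a newline.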
--
To stop receiving notification emails like this one, please contact
address@hidden