changed the glob_url() call, after Janne Johansson's buffer overflow report
diff --git a/src/main.c b/src/main.c
index 7438b0e..cadc9cf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -961,12 +961,16 @@
return URG_FAILED_INIT;
}
#if 0
- fprintf(stderr, "URL: %s PROXY: %s\n", url, config.proxy?config.proxy:"none");
+ fprintf(stderr, "URL: %s PROXY: %s\n", url, config.proxy?config.proxy:"none");
#endif
#ifdef GLOBURL
- urlnum = glob_url(&urls, url); /* expand '{...}' and '[...]' expressions and return
- total number of URLs in pattern set */
+ /* expand '{...}' and '[...]' expressions and return total number of URLs
+ in pattern set */
+ res = glob_url(&urls, url, &urlnum);
+ if(res != URG_OK)
+ return res;
+
outfiles = config.outfile; /* save outfile pattern befor expansion */
if (!outfiles && !config.remotefile && urlnum > 1) {
#ifdef CURL_SEPARATORS
diff --git a/src/urlglob.c b/src/urlglob.c
index 48974d1..9f41340 100644
--- a/src/urlglob.c
+++ b/src/urlglob.c
@@ -204,17 +204,22 @@
exit (URG_FAILED_INIT);
}
-int glob_url(URLGlob** glob, char* url) {
- int urlnum; /* counts instances of a globbed pattern */
+int glob_url(URLGlob** glob, char* url, int *urlnum)
+{
+ if (strlen(url)>URL_MAX_LENGTH) {
+ printf("Illegally sized URL\n");
+ return URG_URL_MALFORMAT;
+ }
glob_expand = (URLGlob*)malloc(sizeof(URLGlob));
glob_expand->size = 0;
- urlnum = glob_word(url, 1);
+ *urlnum = glob_word(url, 1);
*glob = glob_expand;
- return urlnum;
+ return URG_OK;
}
-char *next_url(URLGlob *glob) {
+char *next_url(URLGlob *glob)
+{
static int beenhere = 0;
char *buf = glob_buffer;
URLPattern *pat;
diff --git a/src/urlglob.h b/src/urlglob.h
index dc52371..230f5f7 100644
--- a/src/urlglob.h
+++ b/src/urlglob.h
@@ -67,7 +67,7 @@
int size;
} URLGlob;
-int glob_url(URLGlob**, char*);
+int glob_url(URLGlob**, char*, int *);
char* next_url(URLGlob*);
char* match_url(char*, URLGlob);
