From d21f82cebd8a6bf40477cd43c5618fe8b398a2e7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 25 Oct 2017 23:53:30 +0200
Subject: [PATCH] curl_fnmatch: return error on illegal [] wildcard pattern

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
---
 lib/curl_fnmatch.c      |  8 ++++---
 tests/data/Makefile.inc |  2 +-
 tests/data/test1162     | 52 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 tests/data/test1162

diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 631268bc178a4e..5a6f137c80a1d1 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -240,10 +240,10 @@ static int setcharset(unsigned char **p, unsigned char *charset)
         if(!ISPRINT(c))
           return SETCHARSET_FAIL;
       }
-      if(c == ']') {
+      else if(c == ']') {
         return SETCHARSET_OK;
       }
-      if(c == '\\') {
+      else if(c == '\\') {
         c = *(++(*p));
         if(ISPRINT(c)) {
           charset[c] = 1;
@@ -253,7 +253,7 @@ static int setcharset(unsigned char **p, unsigned char *charset)
         else
           return SETCHARSET_FAIL;
       }
-      if(c >= rangestart) {
+      else if(c >= rangestart) {
         if((ISLOWER(c) && ISLOWER(rangestart)) ||
            (ISDIGIT(c) && ISDIGIT(rangestart)) ||
            (ISUPPER(c) && ISUPPER(rangestart))) {
@@ -267,6 +267,8 @@ static int setcharset(unsigned char **p, unsigned char *charset)
         else
           return SETCHARSET_FAIL;
       }
+      else
+        return SETCHARSET_FAIL;
       break;
     case CURLFNM_SCHS_RIGHTBR:
       if(c == '[') {
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index eaa1bbced44bdc..b157aeda96f904 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -125,7 +125,7 @@ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
 test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
 test1152 test1153 \
 \
-test1160 test1161 \
+test1160 test1161 test1162 \
 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
 test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
 test1216 test1217 test1218 test1219 \
diff --git a/tests/data/test1162 b/tests/data/test1162
new file mode 100644
index 00000000000000..73e4646e1bbd64
--- /dev/null
+++ b/tests/data/test1162
@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+FTP
+RETR
+LIST
+wildcardmatch
+ftplistparser
+flaky
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+ftp
+</server>
+<tool>
+lib576
+</tool>
+<name>
+FTP wildcard with crazy pattern
+</name>
+<command>
+"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/[*\\s-'tl"
+</command>
+</client>
+<verify>
+<protocol>
+USER anonymous
+PASS ftp@example.com
+PWD
+CWD fully_simulated
+CWD DOS
+EPSV
+TYPE A
+LIST
+QUIT
+</protocol>
+# 78 == CURLE_REMOTE_FILE_NOT_FOUND
+<errorcode>
+78
+</errorcode>
+</verify>
+</testcase>