Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
This sample code hits an infinite loop in curl_fnmatch.c
int main(int argc, char *argv)
hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_URL, "ftp://test.rebex.net/[*\\s-'tl");
curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(hnd, CURLOPT_USERPWD, "demo:password");
curl_easy_setopt(hnd, CURLOPT_WILDCARDMATCH, 1L);
ret = curl_easy_perform(hnd);
hnd = NULL;
This problem does not exist in the curl tool because this is rejected by tool_urlglob.c.
Discovered by OSS-Fuzz: https://oss-fuzz.com/v2/testcase-detail/4564121254100992
The text was updated successfully, but these errors were encountered:
curl_fnmatch: return error on illegal  wildcard pattern
... instead of doing an infinite loop!
Added test 1162 to verify.
Reported-by: Max Dymond
No branches or pull requests