Infinite loop in curl_fnmatch #2015

cmeister2 opened this Issue Oct 25, 2017 · 0 comments


None yet
2 participants

cmeister2 commented Oct 25, 2017

I did this

This sample code hits an infinite loop in curl_fnmatch.c

#include <curl/curl.h>

int main(int argc, char *argv[])
  CURLcode ret;
  CURL *hnd;

  hnd = curl_easy_init();
  curl_easy_setopt(hnd, CURLOPT_URL, "[*\\s-'tl");
  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(hnd, CURLOPT_USERPWD, "demo:password");
  curl_easy_setopt(hnd, CURLOPT_WILDCARDMATCH, 1L);

  ret = curl_easy_perform(hnd);

  hnd = NULL;

  return (int)ret;

This problem does not exist in the curl tool because this is rejected by tool_urlglob.c.

Discovered by OSS-Fuzz:

@bagder bagder added the FTP label Oct 25, 2017

bagder added a commit that referenced this issue Oct 25, 2017

curl_fnmatch: return error on illegal [] wildcard pattern
... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015

@bagder bagder closed this in f0364f7 Oct 26, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment