curl: fix security problems
1 From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
2 From: Daniel Stenberg <daniel@haxx.se>
3 Date: Tue, 1 Aug 2017 17:16:07 +0200
4 Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
5 range
6
7 Added test 1289 to verify.
8
9 CVE-2017-1000101
10
11 Bug: https://curl.haxx.se/docs/adv_20170809A.html
12 Reported-by: Brian Carpenter
13 ---
14 src/tool_urlglob.c | 5 ++++-
15 tests/data/Makefile.inc | 2 +-
16 tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
17 3 files changed, 40 insertions(+), 2 deletions(-)
18 create mode 100644 tests/data/test1289
19
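--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -272,7 +272,10 @@ static CURLcode glob_range(URLGlob *glob
 }
 errno = 0;
 max_n = strtoul(pattern, &endp, 10);
- if(errno || (*endp == ':')) {
+ if(errno)
+ /* overflow */
+ endp = NULL;
+ else if(*endp == ':') {
 pattern = endp+1;
 errno = 0;
 step_n = strtoul(pattern, &endp, 10);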
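Review bot: The overflow branch at `if(errno)` reports failure only by setting `endp = NULL`, so it is safe only if every later use of `endp` in glob_range tests for NULL before dereferencing it. That code, and the errno handling for the `step_n` strtoul() on the last line, lie outside this hunk and should be checked against the same rule. The branch is also unbraced, with a comment sitting between the condition and its statement right before a braced `else if`. I would brace it and have the comment give the reason, e.g. `if(errno) { /* strtoul() overflowed: endp is not trustworthy, mark the range invalid */ endp = NULL; }`. Separately, `errno` alone does not reject every malformed number, since strtoul() accepts a leading sign and can return 0 with `endp == pattern` when no digits are present. Unless earlier code already filters that, `if(errno || endp == pattern)` would be the stricter guard.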