curl-tracker Archives
[curl:bugs] #1265 integer overflow in sscanf-based parsing (glibc)
From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Thu, 15 Aug 2013 13:40:05 +0000
Confirmed. I have a fix pending.
---

**[bugs:#1265] integer overflow in sscanf-based parsing (glibc)**

**Status:** open-confirmed
**Created:** Thu Aug 15, 2013 01:23 AM UTC by Will Dietz
**Last Updated:** Thu Aug 15, 2013 01:23 AM UTC
**Owner:** Daniel Stenberg

Problem:
--------

curl's use of sscanf for parsing range glob patterns invokes undefined behavior when the numeric value being parsed is too large to fit into an integer, which on libc silently overflows causing unexpected behavior when using ranges containing large integers.

Examples:
---------

~~~~
:::sh
$ curl "http://1/[4294967296-1]"

[1/2]: http://1/0 --> <stdout>
--_curl_--http://1/0
curl: (7) Failed to connect to 0.0.0.1: Invalid argument

[2/2]: http://1/1 --> <stdout>
--_curl_--http://1/1
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
~~~~

~~~~
:::sh
$ curl "http://1/[4294967296-4294967300]"

[1/5]: http://1/0 --> <stdout>
--_curl_--http://1/0
curl: (7) Failed to connect to 0.0.0.1: Invalid argument

[2/5]: http://1/1 --> <stdout>
--_curl_--http://1/1
curl: (7) Failed to connect to 0.0.0.1: Invalid argument

[3/5]: http://1/2 --> <stdout>
--_curl_--http://1/2
curl: (7) Failed to connect to 0.0.0.1: Invalid argument

[4/5]: http://1/3 --> <stdout>
--_curl_--http://1/3
curl: (7) Failed to connect to 0.0.0.1: Invalid argument

[5/5]: http://1/4 --> <stdout>
--_curl_--http://1/4
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
~~~~

This also impacts the parsing of the 'step' portion of the range glob.

---

Received on 2013-08-15
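An added example, not part of the original report and not curl's own fix: one way to parse a `[min-max:step]` range field by field with `strtoul`, so that an oversized number is rejected instead of wrapping as in the outputs above. The names `parse_num` and `parse_range`, the `INT_MAX` cap and the rejection of a zero step are assumptions of this example.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one decimal field; reject empty input, sign characters and any
   value above INT_MAX (the cap is an assumption of this example). */
static int parse_num(const char **p, int *out)
{
  char *end;
  unsigned long v;
  if(!isdigit((unsigned char)**p))
    return -1;                /* strtoul alone would accept "-5" or " 5" */
  errno = 0;
  v = strtoul(*p, &end, 10);
  if(errno == ERANGE || v > (unsigned long)INT_MAX)
    return -1;                /* out of range: report it, never wrap */
  *out = (int)v;
  *p = end;
  return 0;
}

/* Hypothetical helper: parse "[min-max]" or "[min-max:step]".
   Returns 0 on success, -1 on any malformed or out-of-range field. */
int parse_range(const char *s, int *min, int *max, int *step)
{
  *step = 1;
  if(*s++ != '[' || parse_num(&s, min) || *s++ != '-' ||
     parse_num(&s, max))
    return -1;
  if(*s == ':') {
    s++;
    if(parse_num(&s, step) || *step == 0)  /* a zero step never advances */
      return -1;
  }
  return (*s == ']' && s[1] == '\0') ? 0 : -1;
}

int main(void)
{
  const char *t[] = { "[1-100:10]", "[4294967296-1]", "[1-5:4294967296]" };
  int a, b, c;
  size_t i;
  for(i = 0; i < sizeof(t) / sizeof(t[0]); i++)
    printf("%-20s -> %s\n", t[i],
           parse_range(t[i], &a, &b, &c) ? "rejected" : "ok");
  return 0;
}
```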
Page updated May 06, 2013.