curl-tracker Archives

[curl:bugs] #1265 integer overflow in sscanf-based parsing (glibc)

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Sun, 18 Aug 2013 21:41:06 +0000

Fixed in git, commit 5ca96cb84410

---
**[bugs:#1265] integer overflow in sscanf-based parsing (glibc)**

**Status:** closed-fixed
**Created:** Thu Aug 15, 2013 01:23 AM UTC by Will Dietz
**Last Updated:** Thu Aug 15, 2013 01:40 PM UTC
**Owner:** Daniel Stenberg

Problem:
--------
curl's use of sscanf for parsing range glob patterns invokes undefined behavior when the numeric value being parsed is too large to fit into an integer, which on libc silently overflows, causing unexpected behavior when using ranges containing large integers.

Examples:
---------
~~~~
:::sh
$ curl "http://1/[4294967296-1]"
[1/2]: http://1/0 --> <stdout>
--_curl_--http://1/0
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
[2/2]: http://1/1 --> <stdout>
--_curl_--http://1/1
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
~~~~
~~~~
:::sh
$ curl "http://1/[4294967296-4294967300]"
[1/5]: http://1/0 --> <stdout>
--_curl_--http://1/0
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
[2/5]: http://1/1 --> <stdout>
--_curl_--http://1/1
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
[3/5]: http://1/2 --> <stdout>
--_curl_--http://1/2
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
[4/5]: http://1/3 --> <stdout>
--_curl_--http://1/3
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
[5/5]: http://1/4 --> <stdout>
--_curl_--http://1/4
curl: (7) Failed to connect to 0.0.0.1: Invalid argument
~~~~
This also impacts the parsing of the 'step' portion of the range glob.
---
Received on 2013-08-18
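
The report above describes range bounds and steps wrapping silently when an out-of-range number is parsed with sscanf. The following is an added example, not curl's code and not the content of the commit mentioned above: a range parser that uses strtoul with an ERANGE check so oversized values are rejected instead of wrapped. The names `parse_num` and `parse_range` are hypothetical, and the sample inputs are constructed except the one copied from the report.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one unsigned decimal field; reject signs, whitespace and overflow.
   On success *end points just past the digits. */
static int parse_num(const char *p, const char **end, unsigned long *out)
{
  char *stop;
  if(!isdigit((unsigned char)*p))  /* strtoul alone accepts "-1" and " 1" */
    return -1;
  errno = 0;
  *out = strtoul(p, &stop, 10);
  if(errno == ERANGE)              /* value does not fit: fail, never wrap */
    return -1;
  *end = stop;
  return 0;
}

/* Hypothetical helper: parse "[lo-hi]" or "[lo-hi:step]"; 0 means valid. */
int parse_range(const char *s, unsigned long *lo, unsigned long *hi,
                unsigned long *step)
{
  const char *p = s;
  *step = 1;
  if(*p++ != '[' || parse_num(p, &p, lo) || *p++ != '-' ||
     parse_num(p, &p, hi) || *lo > *hi)
    return -1;
  if(*p == ':') {
    p++;
    if(parse_num(p, &p, step) || *step == 0)
      return -1;
  }
  return (*p++ != ']' || *p != '\0') ? -1 : 0;
}

int main(void)
{
  /* Constructed inputs; the second is taken from the report above. */
  const char *in[] = { "[1-5:2]", "[4294967296-4294967300]",
                       "[99999999999999999999999999-1]" };
  unsigned long lo, hi, step;
  for(size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
    int rc = parse_range(in[i], &lo, &hi, &step);
    printf("%s: %s\n", in[i], rc ? "rejected" : "accepted");
  }
  return 0;
}
```

Whether `4294967296` is accepted depends on the width of `unsigned long` on the platform; where it is accepted, it keeps its exact value rather than becoming 0.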
