
curl-tracker Archives

[curl:bugs] #1266 Range glob 'step' input validation

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Sun, 18 Aug 2013 21:41:27 +0000

Fixed in git, commit 5ca96cb84410

---
**[bugs:#1266] Range glob 'step' input validation**

**Status:** closed-fixed
**Created:** Thu Aug 15, 2013 01:26 AM UTC by Will Dietz
**Last Updated:** Thu Aug 15, 2013 01:43 PM UTC
**Owner:** Daniel Stenberg

Summary
========

curl is overly liberal with the 'step' portion of accepted range glob patterns, as demonstrated in the following examples.
This is separate from failure to reject ranges involving numbers too large to fit into an integer as reported here: https://sourceforge.net/p/curl/bugs/1265/.

Wraparound/overflow due to step:
--------------------------------
~~~~
:::sh
$ curl "http://localhost/[a-z:256]"
$ curl "http://localhost/[1-10:2147483647]"
~~~~
Negative step:
-------------
~~~~
:::sh
$ curl "http://localhost/[a-z:-1]"
$ curl "http://localhost/[1-10:-1]"
~~~~
Non-numeric step:
----------------
~~~~
:::sh
$ curl "http://localhost/[a-z:asdf]"
~~~~
Received on 2013-08-18
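
The step validation the report asks for, as an added C example. It is not curl's code and not the change made in commit 5ca96cb84410. The names `parse_step` and `range_count` and the acceptance policy (digits only, 1 <= step <= max - min) are assumptions of this example. `main` feeds it the step strings from the report's patterns plus one valid step, all checked against the range 1-10.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Validate the text after ':' in a range glob such as "[1-10:2]".
 * Assumed policy: 0 <= min <= max, decimal digits only, step ends at ']',
 * 1 <= step <= max - min. Returns 0 and stores the step, -1 if rejected. */
static int parse_step(const char *s, long min, long max, long *step)
{
    char *end;
    long v, span;
    if (min < 0 || min > max)
        return -1;
    /* strtol() accepts whitespace and a sign; require a leading digit. */
    if (!isdigit((unsigned char)*s))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != ']')   /* too large, or trailing junk */
        return -1;
    span = (max > min) ? max - min : 1;   /* one-element range: step 1 ok */
    if (v < 1 || v > span)                /* zero step, or past the range */
        return -1;
    *step = v;
    return 0;
}

/* Count the values a validated range yields. The comparison is against
 * max - step, so cur + step is never computed past max and cannot wrap. */
static long range_count(long min, long max, long step)
{
    long n = 1, cur = min;
    while (cur <= max - step) {
        cur += step;
        n++;
    }
    return n;
}

int main(void)
{
    const char *steps[] = { "256]", "2147483647]", "-1]", "asdf]", "2]" };
    long st;
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++)
        printf("%-14s %s\n", steps[i],
               parse_step(steps[i], 1, 10, &st) ? "rejected" : "accepted");
    return 0;
}
```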
