summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2020-01-13 12:30:37 +0100
committerDaniel Stenberg <daniel@haxx.se>2020-01-13 15:37:46 +0100
commit4431ed2484f0e66096642ee76a2bbeedec5bde79 (patch)
tree4faa3df1127dd28ee0962b44664ce82d170eb0c1
parent6773c7ca65cf2183295e56603f9b86a5ce816a06 (diff)
downloadcurl-4431ed2484f0e66096642ee76a2bbeedec5bde79.tar.gz
curl: make #0 not output the full URL
It was not intended nor documented! Added test 1176 to verify. Reported-by: vshmuk on hackerone Closes #4812
-rw-r--r--src/tool_urlglob.c4
-rw-r--r--tests/data/Makefile.inc2
-rw-r--r--tests/data/test117668
3 files changed, 71 insertions, 3 deletions
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index 450cdcf32..6c8716104 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -627,7 +627,7 @@ CURLcode glob_match_url(char **result, char *filename, URLGlob *glob)
unsigned long num = strtoul(&filename[1], &filename, 10);
URLPattern *pat = NULL;
- if(num < glob->size) {
+ if(num && (num < glob->size)) {
unsigned long i;
num--; /* make it zero based */
/* find the correct glob entry */
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 978f8aa5b..51cc92062 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -133,7 +133,7 @@ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
\
-test1170 test1171 test1172 test1173 test1174 test1175 \
+test1170 test1171 test1172 test1173 test1174 test1175 test1176 \
\
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
diff --git a/tests/data/test1176 b/tests/data/test1176
new file mode 100644
index 000000000..491bee16f
--- /dev/null
+++ b/tests/data/test1176
@@ -0,0 +1,68 @@
+<testcase>
+<info>
+<keywords>
+globbing
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET
+ </name>
+ <command option="no-output">
+http://%HOSTIP:%HTTPPORT/1176 -o 'log/base-#0'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1176 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<file name="log/base-#0">
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</file>
+</verify>
+</testcase>