urlglob: fix division by zero

The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
author: Daniel Stenberg <daniel@haxx.se> 2017-06-10 14:35:07 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2017-06-13 09:25:45 +0200
commit: 5fa028e508056e3569beb5698e3f52e45fea94da (patch)
tree: 4ef6adfa96addd748cc4e8d2f6b120e093747ef4 /src/tool_urlglob.c
parent: f6dff827d321933a21cb7a697d3007c2ed90217b (diff)
download: curl-5fa028e508056e3569beb5698e3f52e45fea94da.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index d002f276d..6b1ece008 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ static CURLcode glob_fixed(URLGlob *glob, char *fixed, size_t len)
 static int multiply(unsigned long *amount, long with)
 {
   unsigned long sum = *amount * with;
+  if(!with) {
+    *amount = 0;
+    return 0;
+  }
   if(sum/with != *amount)
     return 1; /* didn't fit, bail out */
   *amount = sum;
author	Daniel Stenberg <daniel@haxx.se>	2017-06-10 14:35:07 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2017-06-13 09:25:45 +0200
commit	5fa028e508056e3569beb5698e3f52e45fea94da (patch)
tree	4ef6adfa96addd748cc4e8d2f6b120e093747ef4 /src/tool_urlglob.c
parent	f6dff827d321933a21cb7a697d3007c2ed90217b (diff)
download	curl-5fa028e508056e3569beb5698e3f52e45fea94da.tar.gz