urlglob: fix division by zero

The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
dongc · Jun 13, 2017 · 5fa028e · 5fa028e
1 parent f6dff82
commit 5fa028e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <[email protected]>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <[email protected]>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ static CURLcode glob_fixed(URLGlob *glob, char *fixed, size_t len)
 static int multiply(unsigned long *amount, long with)
 {
   unsigned long sum = *amount * with;
+  if(!with) {
+    *amount = 0;
+    return 0;
+  }
   if(sum/with != *amount)
     return 1; /* didn't fit, bail out */
   *amount = sum;