urlglob: fix division by zero

The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.

Reported-by: GwanYeong Kim

diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index d002f276d32c6680055f625e66791dc1e217f8c3..6b1ece008b35da069210b02c99f14d6bf336d83c 100644 (file)
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ static CURLcode glob_fixed(URLGlob *glob, char *fixed, size_t len)
 static int multiply(unsigned long *amount, long with)
 {
   unsigned long sum = *amount * with;
+  if(!with) {
+    *amount = 0;
+    return 0;
+  }
   if(sum/with != *amount)
     return 1; /* didn't fit, bail out */
   *amount = sum;