curl: only accept COLUMNS less than 10000

... as larger values would rather indicate something silly (and could
potentially cause buffer problems).

Reported-by: pendrek at hackerone
Closes #4114

diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 05fe0e636213f0bc620bd67255d8b2be24f1c643..a18827c8bf5cd2316a4e0b04a4c4d1fee153362c 100644 (file)
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -210,7 +210,8 @@ void progressbarinit(struct ProgressData *bar,
   if(colp) {
     char *endptr;
     long num = strtol(colp, &endptr, 10);
-    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20))
+    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
+       (num < 10000))
       bar->width = (int)num;
     curl_free(colp);
   }