From 952998cbdb86a6b177881a013021c588a53e5801 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 15 Jul 2019 23:52:43 +0200
Subject: [PATCH] curl: only accept COLUMNS less than 10000

... as larger values would rather indicate something silly (and could potentially cause buffer problems).

Reported-by: pendrek at hackerone
Closes #4114
---
 src/tool_cb_prg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 05fe0e636..a18827c8b 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -210,7 +210,8 @@ void progressbarinit(struct ProgressData *bar,
 if(colp) {
 char *endptr;
 long num = strtol(colp, &endptr, 10);
- if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20))
+ if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
+ (num < 10000))
 bar->width = (int)num;
 curl_free(colp);
 }
--
2.40.0
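Review bot: The new upper bound `(num < 10000)` is a bare literal with no visible link to the size of whatever buffer the progress bar is later rendered into, so this hunk alone cannot confirm that it prevents the "buffer problems" named in the commit message. The code that consumes `bar->width` is outside the hunk; if it formats into a fixed-size buffer, the limit should be derived from that buffer's size, or the width clamped at the point of use, rather than chosen independently. At minimum both limits deserve a why-comment, e.g. `/* COLUMNS is untrusted environment input: ignore values outside 21..9999 */`. That comment should also mention that the range check is what rejects the `LONG_MAX`/`LONG_MIN` returned by `strtol` on overflow, since `errno` is not checked. The body of progressbarinit starts and ends outside the hunk.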