curl: only accept COLUMNS less than 10000

... as larger values would rather indicate something silly (and could potentially cause buffer problems). Reported-by: pendrek at hackerone Closes #4114
2024-12-09 06:30:06 +08:00 · 2019-07-15 23:52:43 +02:00 · 2019-07-15 23:52:43 +02:00 · 952998cbdb
commit 952998cbdb
parent 275b74a53d
1 changed files with 2 additions and 1 deletions
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@ -210,7 +210,8 @@ void progressbarinit(struct ProgressData *bar,
  if(colp) {
    char *endptr;
    long num = strtol(colp, &endptr, 10);
-    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20))
+    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
+       (num < 10000))
      bar->width = (int)num;
    curl_free(colp);
  }