curl: only accept COLUMNS less than 10000 ... as larger values would rather indicate something silly (and could potentially cause buffer problems). Reported-by: pendrek at hackerone Closes #4114

commit: 952998cbdb86a6b177881a013021c588a53e5801 [log] [tgz]
author: Daniel Stenberg <daniel@haxx.se> Mon Jul 15 23:52:43 2019 +0200
committer: Daniel Stenberg <daniel@haxx.se> Tue Jul 16 11:25:08 2019 +0200
tree: 38b41a79c721f111659ec49e524af5718a9affb1
parent: 275b74a53d47174fcc29bab2fc23f599e1205f41 [diff]
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 05fe0e6..a18827c 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c

@@ -210,7 +210,8 @@
   if(colp) {
     char *endptr;
     long num = strtol(colp, &endptr, 10);
-    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20))
+    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
+       (num < 10000))
       bar->width = (int)num;
     curl_free(colp);
   }
commit	952998cbdb86a6b177881a013021c588a53e5801	[log] [tgz]
author	Daniel Stenberg <daniel@haxx.se>	Mon Jul 15 23:52:43 2019 +0200
committer	Daniel Stenberg <daniel@haxx.se>	Tue Jul 16 11:25:08 2019 +0200
tree	38b41a79c721f111659ec49e524af5718a9affb1
parent	275b74a53d47174fcc29bab2fc23f599e1205f41 [diff]