Avoid DoS attacks for patterns that have braces. Noted by Maksymilian
Arciemowicz. XXX: Pullup to 5.x
This commit is contained in:
christos
parent
4ab501cfa2
commit
9b94acc7a6
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: glob.c,v 1.24 2009/04/08 16:28:50 christos Exp $ */
|
||||
/* $NetBSD: glob.c,v 1.25 2010/07/02 21:13:10 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1993
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
#if 0
|
||||
static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
|
||||
#else
|
||||
__RCSID("$NetBSD: glob.c,v 1.24 2009/04/08 16:28:50 christos Exp $");
|
||||
__RCSID("$NetBSD: glob.c,v 1.25 2010/07/02 21:13:10 christos Exp $");
|
||||
#endif
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
|
|
@ -155,7 +155,7 @@ static int g_lstat(Char *, __gl_stat_t *, glob_t *);
|
|||
static DIR *g_opendir(Char *, glob_t *);
|
||||
static Char *g_strchr(const Char *, int);
|
||||
static int g_stat(Char *, __gl_stat_t *, glob_t *);
|
||||
static int glob0(const Char *, glob_t *);
|
||||
static int glob0(const Char *, glob_t *, size_t *);
|
||||
static int glob1(Char *, glob_t *, size_t *);
|
||||
static int glob2(Char *, Char *, Char *, Char *, glob_t *,
|
||||
size_t *);
|
||||
|
|
@ -163,8 +163,9 @@ static int glob3(Char *, Char *, Char *, Char *, Char *, glob_t *,
|
|||
size_t *);
|
||||
static int globextend(const Char *, glob_t *, size_t *);
|
||||
static const Char *globtilde(const Char *, Char *, size_t, glob_t *);
|
||||
static int globexp1(const Char *, glob_t *);
|
||||
static int globexp2(const Char *, const Char *, glob_t *, int *);
|
||||
static int globexp1(const Char *, glob_t *, size_t *);
|
||||
static int globexp2(const Char *, const Char *, glob_t *, int *,
|
||||
size_t *);
|
||||
static int match(Char *, Char *, Char *);
|
||||
#ifdef DEBUG
|
||||
static void qprintf(const char *, Char *);
|
||||
|
|
@ -177,6 +178,7 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
|
|||
const u_char *patnext;
|
||||
int c;
|
||||
Char *bufnext, *bufend, patbuf[MAXPATHLEN+1];
|
||||
size_t limit = 0;
|
||||
|
||||
_DIAGASSERT(pattern != NULL);
|
||||
|
||||
|
|
@ -212,9 +214,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
|
|||
*bufnext = EOS;
|
||||
|
||||
if (flags & GLOB_BRACE)
|
||||
return globexp1(patbuf, pglob);
|
||||
return globexp1(patbuf, pglob, &limit);
|
||||
else
|
||||
return glob0(patbuf, pglob);
|
||||
return glob0(patbuf, pglob, &limit);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -223,7 +225,7 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
|
|||
* characters
|
||||
*/
|
||||
static int
|
||||
globexp1(const Char *pattern, glob_t *pglob)
|
||||
globexp1(const Char *pattern, glob_t *pglob, size_t *limit)
|
||||
{
|
||||
const Char* ptr = pattern;
|
||||
int rv;
|
||||
|
|
@ -233,13 +235,13 @@ globexp1(const Char *pattern, glob_t *pglob)
|
|||
|
||||
/* Protect a single {}, for find(1), like csh */
|
||||
if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
|
||||
return glob0(pattern, pglob);
|
||||
return glob0(pattern, pglob, limit);
|
||||
|
||||
while ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL)
|
||||
if (!globexp2(ptr, pattern, pglob, &rv))
|
||||
if (!globexp2(ptr, pattern, pglob, &rv, limit))
|
||||
return rv;
|
||||
|
||||
return glob0(pattern, pglob);
|
||||
return glob0(pattern, pglob, limit);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -249,7 +251,8 @@ globexp1(const Char *pattern, glob_t *pglob)
|
|||
* If it fails then it tries to glob the rest of the pattern and returns.
|
||||
*/
|
||||
static int
|
||||
globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
|
||||
globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv,
|
||||
size_t *limit)
|
||||
{
|
||||
int i;
|
||||
Char *lm, *ls;
|
||||
|
|
@ -294,7 +297,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
|
|||
* we use `pattern', not `patbuf' here so that that
|
||||
* unbalanced braces are passed to the match
|
||||
*/
|
||||
*rv = glob0(pattern, pglob);
|
||||
*rv = glob0(pattern, pglob, limit);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -341,7 +344,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
|
|||
#ifdef DEBUG
|
||||
qprintf("globexp2:", patbuf);
|
||||
#endif
|
||||
*rv = globexp1(patbuf, pglob);
|
||||
*rv = globexp1(patbuf, pglob, limit);
|
||||
|
||||
/* move after the comma, to the next string */
|
||||
pl = pm + 1;
|
||||
|
|
@ -454,13 +457,12 @@ globtilde(const Char *pattern, Char *patbuf, size_t patsize, glob_t *pglob)
|
|||
* to find no matches.
|
||||
*/
|
||||
static int
|
||||
glob0(const Char *pattern, glob_t *pglob)
|
||||
glob0(const Char *pattern, glob_t *pglob, size_t *limit)
|
||||
{
|
||||
const Char *qpatnext;
|
||||
int c, error;
|
||||
__gl_size_t oldpathc;
|
||||
Char *bufnext, patbuf[MAXPATHLEN+1];
|
||||
size_t limit = 0;
|
||||
|
||||
_DIAGASSERT(pattern != NULL);
|
||||
_DIAGASSERT(pglob != NULL);
|
||||
|
|
@ -523,7 +525,7 @@ glob0(const Char *pattern, glob_t *pglob)
|
|||
qprintf("glob0:", patbuf);
|
||||
#endif
|
||||
|
||||
if ((error = glob1(patbuf, pglob, &limit)) != 0)
|
||||
if ((error = glob1(patbuf, pglob, limit)) != 0)
|
||||
return error;
|
||||
|
||||
if (pglob->gl_pathc == oldpathc) {
|
||||
|
|
@ -537,7 +539,7 @@ glob0(const Char *pattern, glob_t *pglob)
|
|||
if ((pglob->gl_flags & GLOB_NOCHECK) ||
|
||||
((pglob->gl_flags & (GLOB_NOMAGIC|GLOB_MAGCHAR))
|
||||
== GLOB_NOMAGIC)) {
|
||||
return globextend(pattern, pglob, &limit);
|
||||
return globextend(pattern, pglob, limit);
|
||||
} else {
|
||||
return GLOB_NOMATCH;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue