diff options
| author | Rich Felker <dalias@aerifal.cx> | 2011-06-05 19:29:52 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2011-06-05 19:29:52 -0400 |
| commit | 0dc99ac413d8bc054a2e95578475c7122455eee8 (patch) | |
| tree | a8222147275ce5c3f8f9b5d12e8853e1a78b8e07 | |
| parent | a6c399cf62bbd88f0f0142fd3e9e1e72bd093bc3 (diff) | |
| download | musl-0dc99ac413d8bc054a2e95578475c7122455eee8.tar.gz musl-0dc99ac413d8bc054a2e95578475c7122455eee8.tar.bz2 musl-0dc99ac413d8bc054a2e95578475c7122455eee8.tar.xz musl-0dc99ac413d8bc054a2e95578475c7122455eee8.zip | |
safety fix for glob's vla usage: disallow patterns longer than PATH_MAX
this actually inadvertently disallows some valid patterns with
redundant / or * characters, but it's better than allowing unbounded
vla allocation.
eventually i'll write code to move the pattern to the stack and
eliminate redundancy to ensure that it fits in PATH_MAX at the
beginning of glob. this would also allow it to be modified in place
for passing to fnmatch rather than copied at each level of recursion.
| -rw-r--r-- | src/regex/glob.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/regex/glob.c b/src/regex/glob.c index 9a70f0bc..67f84bcf 100644 --- a/src/regex/glob.c +++ b/src/regex/glob.c @@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err), d = ""; } + if (strlen(p) > PATH_MAX) return GLOB_NOSPACE; + if (!errfunc) errfunc = ignore_err; if (!(flags & GLOB_APPEND)) { |