From: Rich Felker Date: Sun, 5 Jun 2011 23:29:52 +0000 (-0400) Subject: safety fix for glob's vla usage: disallow patterns longer than PATH_MAX X-Git-Url: http://nsz.repo.hu/git/?p=musl;a=commitdiff_plain;h=0dc99ac413d8bc054a2e95578475c7122455eee8 safety fix for glob's vla usage: disallow patterns longer than PATH_MAX this actually inadvertently disallows some valid patterns with redundant / or * characters, but it's better than allowing unbounded vla allocation. eventually i'll write code to move the pattern to the stack and eliminate redundancy to ensure that it fits in PATH_MAX at the beginning of glob. this would also allow it to be modified in place for passing to fnmatch rather than copied at each level of recursion. --- diff --git a/src/regex/glob.c b/src/regex/glob.c index 9a70f0bc..67f84bcf 100644 --- a/src/regex/glob.c +++ b/src/regex/glob.c @@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err), d = ""; } + if (strlen(p) > PATH_MAX) return GLOB_NOSPACE; + if (!errfunc) errfunc = ignore_err; if (!(flags & GLOB_APPEND)) {