safety fix for glob's vla usage: disallow patterns longer than PATH_MAX

this actually inadvertently disallows some valid patterns with
redundant / or * characters, but it's better than allowing unbounded
vla allocation.

eventually i'll write code to move the pattern to the stack and
eliminate redundancy to ensure that it fits in PATH_MAX at the
beginning of glob. this would also allow it to be modified in place
for passing to fnmatch rather than copied at each level of recursion.

diff --git a/src/regex/glob.c b/src/regex/glob.c
index 9a70f0bc20911c441a660e4535deb6682154d8ea..67f84bcf0c0408fa90e8cefc284e6a1e8f4a7b7d 100644 (file)
--- a/src/regex/glob.c
+++ b/src/regex/glob.c
@@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err),
                d = "";
        }
 
+       if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+
        if (!errfunc) errfunc = ignore_err;
 
        if (!(flags & GLOB_APPEND)) {