fix the end of string matching in fnmatch with FNM_PATHNAME

a '/' in the pattern could be incorrectly matched against the
terminating null byte in the string causing arbitrarily long
sequence of out-of-bounds access in fnmatch("/","",FNM_PATHNAME)

diff --git a/src/regex/fnmatch.c b/src/regex/fnmatch.c
index ffd3ea0d74fd27396e08ad2554b58b72ae7206bf..c3fcaa5bb95d2e7d2ce9ea15141916be644771b3 100644 (file)
--- a/src/regex/fnmatch.c
+++ b/src/regex/fnmatch.c
@@ -288,10 +288,10 @@ int fnmatch(const char *pat, const char *str, int flags)
        if (flags & FNM_PATHNAME) for (;;) {
                for (s=str; *s && *s!='/'; s++);
                for (p=pat; (c=pat_next(p, -1, &inc, flags))!=END && c!='/'; p+=inc);
-               if (*s && *p!=*s) return FNM_NOMATCH;
+               if (*p!=*s) return FNM_NOMATCH;
                if (fnmatch_internal(pat, p-pat, str, s-str, flags))
                        return FNM_NOMATCH;
-               if (!*s && c==END) return 0;
+               if (!*s) return 0;
                str = s+1;
                pat = p+1;
        }