From 0dc99ac413d8bc054a2e95578475c7122455eee8 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Sun, 5 Jun 2011 19:29:52 -0400 Subject: [PATCH] safety fix for glob's vla usage: disallow patterns longer than PATH_MAX this actually inadvertently disallows some valid patterns with redundant / or * characters, but it's better than allowing unbounded vla allocation. eventually i'll write code to move the pattern to the stack and eliminate redundancy to ensure that it fits in PATH_MAX at the beginning of glob. this would also allow it to be modified in place for passing to fnmatch rather than copied at each level of recursion. --- src/regex/glob.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/regex/glob.c b/src/regex/glob.c index 9a70f0bc..67f84bcf 100644 --- a/src/regex/glob.c +++ b/src/regex/glob.c @@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err), d = ""; } + if (strlen(p) > PATH_MAX) return GLOB_NOSPACE; + if (!errfunc) errfunc = ignore_err; if (!(flags & GLOB_APPEND)) { -- 2.25.1