From da0fcdb8e913ca7cdf8931328f2b37e93309b2c5 Mon Sep 17 00:00:00 2001 From: Szabolcs Nagy Date: Sun, 1 Dec 2013 17:32:48 +0000 Subject: [PATCH] fix the end of string matching in fnmatch with FNM_PATHNAME a '/' in the pattern could be incorrectly matched against the terminating null byte in the string causing arbitrarily long sequence of out-of-bounds access in fnmatch("/","",FNM_PATHNAME) --- src/regex/fnmatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/regex/fnmatch.c b/src/regex/fnmatch.c index ffd3ea0d..c3fcaa5b 100644 --- a/src/regex/fnmatch.c +++ b/src/regex/fnmatch.c @@ -288,10 +288,10 @@ int fnmatch(const char *pat, const char *str, int flags) if (flags & FNM_PATHNAME) for (;;) { for (s=str; *s && *s!='/'; s++); for (p=pat; (c=pat_next(p, -1, &inc, flags))!=END && c!='/'; p+=inc); - if (*s && *p!=*s) return FNM_NOMATCH; + if (*p!=*s) return FNM_NOMATCH; if (fnmatch_internal(pat, p-pat, str, s-str, flags)) return FNM_NOMATCH; - if (!*s && c==END) return 0; + if (!*s) return 0; str = s+1; pat = p+1; } -- 2.25.1