From b7f880ec6f58461e81df2c30565b3d27cf217081 Mon Sep 17 00:00:00 2001 From: Stefan Sperling Date: Sat, 17 Sep 2011 15:20:58 +0000 Subject: Apply the fnmatch recursion limit fix to the local copy of fnmatch in httpd. ok henning --- usr.sbin/httpd/src/ap/ap_fnmatch.c | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/httpd/src/ap/ap_fnmatch.c b/usr.sbin/httpd/src/ap/ap_fnmatch.c index 015cdc2689d..f6191e93c2a 100644 --- a/usr.sbin/httpd/src/ap/ap_fnmatch.c +++ b/usr.sbin/httpd/src/ap/ap_fnmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ap_fnmatch.c,v 1.5 2005/06/20 12:23:22 robert Exp $ */ +/* $OpenBSD: ap_fnmatch.c,v 1.6 2011/09/17 15:20:57 stsp Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -40,16 +40,40 @@ #include "ap_config.h" #include "fnmatch.h" #include +#include #define EOS '\0' +/* Limit of recursion during matching attempts. */ +#define __FNM_MAX_RECUR 64 + +static int __fnmatch(const char *, const char *, int, int); static const char *rangematch(const char *, int, int); API_EXPORT(int) ap_fnmatch(const char *pattern, const char *string, int flags) +{ + int e; + + if (strnlen(pattern, PATH_MAX) == PATH_MAX || + strnlen(string, PATH_MAX) == PATH_MAX) + return (FNM_NOMATCH); + + e = __fnmatch(pattern, string, flags, __FNM_MAX_RECUR); + if (e == -1) + e = FNM_NOMATCH; + return (e); +} + +int +__fnmatch(const char *pattern, const char *string, int flags, int recur) { const char *stringstart; char c, test; + int e; + + if (recur-- == 0) + return (-1); for (stringstart = string;;) { switch (c = *pattern++) { @@ -92,9 +116,10 @@ ap_fnmatch(const char *pattern, const char *string, int flags) /* General case, use recursion. */ while ((test = *string) != EOS) { - if (!ap_fnmatch(pattern, string, - flags & ~FNM_PERIOD)) - return (0); + e = __fnmatch(pattern, string, + flags & ~FNM_PERIOD, recur); + if (e != FNM_NOMATCH) + return (e); if (test == '/' && flags & FNM_PATHNAME) break; ++string; -- cgit v1.2.3