[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 114/125: curl_fnmatch: only allow 5 '*' sections in
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 114/125: curl_fnmatch: only allow 5 '*' sections in a single pattern |
Date: |
Sun, 21 Jan 2018 23:42:49 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 2a1b2b4ef5a64c36d431eb6f9fd6958042b17d62
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Jan 16 15:55:44 2018 +0100
curl_fnmatch: only allow 5 '*' sections in a single pattern
... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivation.
---
lib/curl_fnmatch.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 5638e167a..f33bba1f1 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -301,7 +301,8 @@ fail:
return SETCHARSET_FAIL;
}
-static int loop(const unsigned char *pattern, const unsigned char *string)
+static int loop(const unsigned char *pattern, const unsigned char *string,
+ int maxstars)
{
loop_state state = CURLFNM_LOOP_DEFAULT;
unsigned char *p = (unsigned char *)pattern;
@@ -313,11 +314,14 @@ static int loop(const unsigned char *pattern, const
unsigned char *string)
switch(state) {
case CURLFNM_LOOP_DEFAULT:
if(*p == '*') {
+ if(!maxstars)
+ return CURL_FNMATCH_NOMATCH;
while(*(p + 1) == '*') /* eliminate multiple stars */
p++;
if(*s == '\0' && *(p + 1) == '\0')
return CURL_FNMATCH_MATCH;
- rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */
+ rc = loop(p + 1, s, maxstars - 1); /* *.txt matches .txt <=>
+ .txt matches .txt */
if(rc == CURL_FNMATCH_MATCH)
return CURL_FNMATCH_MATCH;
if(*s) /* let the star eat up one character */
@@ -416,5 +420,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char
*string)
if(!pattern || !string) {
return CURL_FNMATCH_FAIL;
}
- return loop((unsigned char *)pattern, (unsigned char *)string);
+ return loop((unsigned char *)pattern, (unsigned char *)string, 5);
}
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 93/125: scripts: allow all perl scripts to be run directly, (continued)
- [GNUnet-SVN] [gnurl] 93/125: scripts: allow all perl scripts to be run directly, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 52/125: multi_done: prune DNS cache, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 74/125: curl_easy_reset: release mime-related data., gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 76/125: curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 71/125: CURLOPT_READFUNCTION.3: refer to argument with correct name, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 77/125: build-openssl.bat: Added support for VC15, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 94/125: progress: calculate transfer speed on milliseconds if possible, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 80/125: winbuild: Added support for VC15, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 116/125: openssl: fix the libressl build again, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 103/125: HTTP: bail out on negative Content-Length: values, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 114/125: curl_fnmatch: only allow 5 '*' sections in a single pattern,
gnunet <=
- [GNUnet-SVN] [gnurl] 75/125: examples/rtsp: fix error handling macros, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 117/125: openssl: fix potential memory leak in SSLKEYLOGFILE logic, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 12/125: libssh: added SFTP support, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 122/125: TODO: two possible name resolver improvements, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 118/125: SSH: Fix state machine for ssh-agent authentication, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 07/125: Added support for libssh SSH SCP back-end, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 42/125: curl.h: remove incorrect comment about ERRORBUFFER, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 46/125: CURLOPT_PRIVATE.3: fix grammar, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 39/125: BINDINGS: another PostgreSQL client, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 47/125: sftp: allow quoted commands to use relative paths, gnunet, 2018/01/21