diff options
author | jlemon <jlemon@FreeBSD.org> | 2001-03-15 18:50:32 +0000 |
---|---|---|
committer | jlemon <jlemon@FreeBSD.org> | 2001-03-15 18:50:32 +0000 |
commit | 30d90e0153c139cfad0a785f20ad61ca77c694c4 (patch) | |
tree | 8fa655df8f78ac4753b1d01ea0e14c939eb98822 /lib | |
parent | 26f8c252302ca58638b76513ba478c1a6cb38b8e (diff) | |
download | FreeBSD-src-30d90e0153c139cfad0a785f20ad61ca77c694c4.zip FreeBSD-src-30d90e0153c139cfad0a785f20ad61ca77c694c4.tar.gz |
Limit the number of paths that glob can return to MAX_GLOBENTRIES, which
is currently set to 10000. This is intended to prevent glob from running
amok when a highly recursive path is provided (such as "../*/../*/../*/...")
Reviewed by: Diane Bruce <db@db.net>, jhb
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/gen/glob.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c index 09dfd7a..48209cc 100644 --- a/lib/libc/gen/glob.c +++ b/lib/libc/gen/glob.c @@ -32,6 +32,8 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. + * + * $FreeBSD$ */ #if defined(LIBC_SCCS) && !defined(lint) @@ -78,6 +80,8 @@ static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; #include "collate.h" +#define MAX_GLOBENTRIES 10000 /* limit number of entries */ + #define DOLLAR '$' #define DOT '.' #define EOS '\0' @@ -658,6 +662,9 @@ globextend(path, pglob) char *copy; const Char *p; + if (pglob->gl_pathc > MAX_GLOBENTRIES) + return (GLOB_ABEND); + newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) : |