diff options
| -rw-r--r-- | libexec/ftpd/ftpd.c | 9 | ||||
| -rw-r--r-- | libexec/ftpd/popen.c | 2 |
2 files changed, 11 insertions, 0 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 43ab6bf..b5b6136 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -189,6 +189,13 @@ static int auth_pam __P((struct passwd**, const char*)); char *pid_file = NULL; /* + * Limit number of pathnames that glob can return. + * A limit of 0 indicates the number of pathnames is unlimited. + */ +#define MAXGLOBARGS 16384 +# + +/* * Timeout intervals for retrying connections * to hosts that don't accept PORT cmds. This * is a kludge, but given the problems with TCP... @@ -2621,6 +2628,8 @@ send_file_list(whichf) int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); + gl.gl_matchc = MAXGLOBARGS; + flags |= GLOB_MAXPATH; freeglob = 1; if (glob(whichf, flags, 0, &gl)) { reply(550, "not found"); diff --git a/libexec/ftpd/popen.c b/libexec/ftpd/popen.c index 74f34e3..e8d3cfb 100644 --- a/libexec/ftpd/popen.c +++ b/libexec/ftpd/popen.c @@ -107,6 +107,8 @@ ftpd_popen(program, type) int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; memset(&gl, 0, sizeof(gl)); + gl.gl_matchc = MAXGLOBARGS; + flags |= GLOB_MAXPATH; if (glob(argv[argc], flags, NULL, &gl)) gargv[gargc++] = strdup(argv[argc]); else |
