[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 13/163: curl_fnmatch: only allow two asterisks for
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 13/163: curl_fnmatch: only allow two asterisks for matching |
Date: |
Sun, 05 Aug 2018 12:35:39 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 404c8850da5a677638959f4e38bb7692cb887d3a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri May 18 16:48:13 2018 +0200
curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.
If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.
This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369
Closes #2587
---
docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 | 4 ++--
lib/curl_fnmatch.c | 2 +-
tests/unit/unit1307.c | 4 ----
3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
index 1ca1bedd4..da1fea9fb 100644
--- a/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
+++ b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,7 @@ A brief introduction of its syntax follows:
.RS
.IP "* - ASTERISK"
\&ftp://example.com/some/path/\fB*.txt\fP (for all txt's from the root
-directory)
+directory). Only two asterisks are allowed within the same pattern string.
.RE
.RS
.IP "? - QUESTION MARK"
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 0179a4f71..268fe79b3 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -355,5 +355,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char
*string)
if(!pattern || !string) {
return CURL_FNMATCH_FAIL;
}
- return loop((unsigned char *)pattern, (unsigned char *)string, 5);
+ return loop((unsigned char *)pattern, (unsigned char *)string, 2);
}
diff --git a/tests/unit/unit1307.c b/tests/unit/unit1307.c
index 0d2257bf0..5f60332b8 100644
--- a/tests/unit/unit1307.c
+++ b/tests/unit/unit1307.c
@@ -185,11 +185,7 @@ static const struct testcase tests[] = {
{ "\\?.txt", "x.txt", NOMATCH },
{ "\\*.txt", "x.txt", NOMATCH },
{ "\\*\\\\.txt", "*\\.txt", MATCH },
- { "*\\**\\?*\\\\*", "cc*cc?cc\\cc*cc", MATCH },
{ "*\\**\\?*\\\\*", "cc*cc?cccc", NOMATCH },
- { "*\\**\\?*\\\\*", "cc*cc?cc\\cc*cc", MATCH },
- { "*\\?*\\**", "cc?c*c", MATCH },
- { "*\\?*\\**curl*", "cc?c*curl", MATCH },
{ "*\\?*\\**", "cc?cc", NOMATCH },
{ "\\\"\\$\\&\\'\\(\\)", "\"$&'()", MATCH },
{ "\\*\\?\\[\\\\\\`\\|", "*?[\\`|", MATCH },
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] branch master updated (cb5937f5c -> 2a23ac742), gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 03/163: rand: fix typo, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 02/163: schannel: disable manual verify if APIs not available, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 12/163: checksrc: fix too long line, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 04/163: schannel_verify: fix build for non-schannel, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 07/163: openssl: acknowledge --tls-max for default version too, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 13/163: curl_fnmatch: only allow two asterisks for matching,
gnunet <=
- [GNUnet-SVN] [gnurl] 09/163: stub_gssapi: fix numerous 'unused parameter' warnings, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 10/163: examples/progressfunc: make it build on older libcurls, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 01/163: schannel: disable client cert option if APIs not available, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 05/163: tests/libtest/Makefile: Do not unconditionally add gcc-specific flags, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 15/163: configure: replace AC_TRY_RUN with CURL_RUN_IFELSE, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 23/163: schannel: make CAinfo parsing resilient to CR/LF, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 35/163: schannel: add failf calls for client certificate failures, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 25/163: tftp: make sure error is zero terminated before printfing it, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 06/163: bump: start working on the pending 7.61.0, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 20/163: KNOWN_BUGS: mention the -O with %-encoded file names, gnunet, 2018/08/05