
make globfree safe after failed glob from over-length argument

commit 0dc99ac413 added input length
checking to avoid unsafe VLA allocation, but put it in the wrong
place, before the glob_t structure was zeroed out. while POSIX isn't
clear on whether it's permitted to call globfree after glob failed
with GLOB_NOSPACE, making it safe is clearly better than letting
uninitialized pointers get passed to free in non-conforming callers.

while we're fixing this, change strlen check to the idiomatic strnlen
version to avoid unbounded input scanning before returning an error.
Rich Felker 10 years ago
parent
commit
769f53598e
  1. 4
      src/regex/glob.c

4
src/regex/glob.c

@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
d = "";
}
if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
if (!errfunc) errfunc = ignore_err;
if (!(flags & GLOB_APPEND)) {
@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
g->gl_pathv = NULL;
}
if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
if (error == GLOB_NOSPACE) {
freelist(&head);
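Review bot: The relocated check `if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;` in the second hunk carries no comment saying why it must sit after the `g->gl_pathv = NULL` initialization, so a later cleanup could move it back up and silently reintroduce the globfree-on-uninitialized-pointers problem this commit fixes. A one-line comment above it such as `/* must follow gl_pathv init so globfree() is safe after GLOB_NOSPACE */` would pin the ordering invariant in the code rather than only in the commit message. The same applies in the GLOB_APPEND case, where the early return leaves the caller's existing gl_pathv untouched and therefore still freeable. The `strnlen(p, PATH_MAX+1)` bound is presumably chosen so the scan stops one byte past the limit, which is exactly enough to decide `> PATH_MAX`; a reader may wonder why it is not `PATH_MAX`, so the comment could mention that too. The body of glob() begins before the first hunk and continues past the last line shown.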
