curl_fnmatch: only allow two asterisks for matching

The previous limit of 5 can still end up in situation that takes a very long time and consumes a lot of CPU. If there is still a rare use case for this, a user can provide their own fnmatch callback for a version that allows a larger set of wildcards. This commit was triggered by yet another OSS-Fuzz timeout due to this. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 Closes #2587
author: Daniel Stenberg <daniel@haxx.se> 2018-05-18 16:48:13 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2018-05-18 23:33:44 +0200
commit: 404c8850da5a677638959f4e38bb7692cb887d3a (patch)
tree: 0cc2d3399ba189df38e83536b42a1f837da27aec /lib/curl_fnmatch.c
parent: 27aebcc1d1a0825af6e812f86bf5eaf510f610d1 (diff)
download: curl-404c8850da5a677638959f4e38bb7692cb887d3a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index 0179a4f71..268fe79b3 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -355,5 +355,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
   if(!pattern || !string) {
     return CURL_FNMATCH_FAIL;
   }
-  return loop((unsigned char *)pattern, (unsigned char *)string, 5);
+  return loop((unsigned char *)pattern, (unsigned char *)string, 2);
 }
author	Daniel Stenberg <daniel@haxx.se>	2018-05-18 16:48:13 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2018-05-18 23:33:44 +0200
commit	404c8850da5a677638959f4e38bb7692cb887d3a (patch)
tree	0cc2d3399ba189df38e83536b42a1f837da27aec /lib/curl_fnmatch.c
parent	27aebcc1d1a0825af6e812f86bf5eaf510f610d1 (diff)
download	curl-404c8850da5a677638959f4e38bb7692cb887d3a.tar.gz