From 2a1b2b4ef5a64c36d431eb6f9fd6958042b17d62 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 16 Jan 2018 15:55:44 +0100 Subject: curl_fnmatch: only allow 5 '*' sections in a single pattern ... to avoid excessive recursive calls. The number 5 is totally arbitrary and could be modified if someone has a good motivation. --- lib/curl_fnmatch.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c index 5638e167a..f33bba1f1 100644 --- a/lib/curl_fnmatch.c +++ b/lib/curl_fnmatch.c @@ -301,7 +301,8 @@ fail: return SETCHARSET_FAIL; } -static int loop(const unsigned char *pattern, const unsigned char *string) +static int loop(const unsigned char *pattern, const unsigned char *string, + int maxstars) { loop_state state = CURLFNM_LOOP_DEFAULT; unsigned char *p = (unsigned char *)pattern; @@ -313,11 +314,14 @@ static int loop(const unsigned char *pattern, const unsigned char *string) switch(state) { case CURLFNM_LOOP_DEFAULT: if(*p == '*') { + if(!maxstars) + return CURL_FNMATCH_NOMATCH; while(*(p + 1) == '*') /* eliminate multiple stars */ p++; if(*s == '\0' && *(p + 1) == '\0') return CURL_FNMATCH_MATCH; - rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */ + rc = loop(p + 1, s, maxstars - 1); /* *.txt matches .txt <=> + .txt matches .txt */ if(rc == CURL_FNMATCH_MATCH) return CURL_FNMATCH_MATCH; if(*s) /* let the star eat up one character */ @@ -416,5 +420,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string) if(!pattern || !string) { return CURL_FNMATCH_FAIL; } - return loop((unsigned char *)pattern, (unsigned char *)string); + return loop((unsigned char *)pattern, (unsigned char *)string, 5); } -- cgit v1.2.1