mirror of
https://github.com/moparisthebest/curl
synced 2025-01-11 22:18:00 -05:00
curl_fnmatch: only allow 5 '*' sections in a single pattern
... to avoid excessive recursive calls. The number 5 is totally arbitrary and could be modified if someone has a good motivation.
This commit is contained in:
parent
cb5accab9e
commit
2a1b2b4ef5
@ -301,7 +301,8 @@ fail:
|
|||||||
return SETCHARSET_FAIL;
|
return SETCHARSET_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int loop(const unsigned char *pattern, const unsigned char *string)
|
static int loop(const unsigned char *pattern, const unsigned char *string,
|
||||||
|
int maxstars)
|
||||||
{
|
{
|
||||||
loop_state state = CURLFNM_LOOP_DEFAULT;
|
loop_state state = CURLFNM_LOOP_DEFAULT;
|
||||||
unsigned char *p = (unsigned char *)pattern;
|
unsigned char *p = (unsigned char *)pattern;
|
||||||
@ -313,11 +314,14 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
|
|||||||
switch(state) {
|
switch(state) {
|
||||||
case CURLFNM_LOOP_DEFAULT:
|
case CURLFNM_LOOP_DEFAULT:
|
||||||
if(*p == '*') {
|
if(*p == '*') {
|
||||||
|
if(!maxstars)
|
||||||
|
return CURL_FNMATCH_NOMATCH;
|
||||||
while(*(p + 1) == '*') /* eliminate multiple stars */
|
while(*(p + 1) == '*') /* eliminate multiple stars */
|
||||||
p++;
|
p++;
|
||||||
if(*s == '\0' && *(p + 1) == '\0')
|
if(*s == '\0' && *(p + 1) == '\0')
|
||||||
return CURL_FNMATCH_MATCH;
|
return CURL_FNMATCH_MATCH;
|
||||||
rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */
|
rc = loop(p + 1, s, maxstars - 1); /* *.txt matches .txt <=>
|
||||||
|
.txt matches .txt */
|
||||||
if(rc == CURL_FNMATCH_MATCH)
|
if(rc == CURL_FNMATCH_MATCH)
|
||||||
return CURL_FNMATCH_MATCH;
|
return CURL_FNMATCH_MATCH;
|
||||||
if(*s) /* let the star eat up one character */
|
if(*s) /* let the star eat up one character */
|
||||||
@ -416,5 +420,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
|
|||||||
if(!pattern || !string) {
|
if(!pattern || !string) {
|
||||||
return CURL_FNMATCH_FAIL;
|
return CURL_FNMATCH_FAIL;
|
||||||
}
|
}
|
||||||
return loop((unsigned char *)pattern, (unsigned char *)string);
|
return loop((unsigned char *)pattern, (unsigned char *)string, 5);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user