mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very long time and consumes a lot of CPU. If there is still a rare use case for this, a user can provide their own fnmatch callback for a version that allows a larger set of wildcards. This commit was triggered by yet another OSS-Fuzz timeout due to this. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 Closes #2587
This commit is contained in:
parent
27aebcc1d1
commit
404c8850da
@ -5,7 +5,7 @@
|
||||
.\" * | (__| |_| | _ <| |___
|
||||
.\" * \___|\___/|_| \_\_____|
|
||||
.\" *
|
||||
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" *
|
||||
.\" * This software is licensed as described in the file COPYING, which
|
||||
.\" * you should have received as part of this distribution. The terms
|
||||
@ -41,7 +41,7 @@ A brief introduction of its syntax follows:
|
||||
.RS
|
||||
.IP "* - ASTERISK"
|
||||
\&ftp://example.com/some/path/\fB*.txt\fP (for all txt's from the root
|
||||
directory)
|
||||
directory). Only two asterisks are allowed within the same pattern string.
|
||||
.RE
|
||||
.RS
|
||||
.IP "? - QUESTION MARK"
|
||||
|
@ -355,5 +355,5 @@ int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
|
||||
if(!pattern || !string) {
|
||||
return CURL_FNMATCH_FAIL;
|
||||
}
|
||||
return loop((unsigned char *)pattern, (unsigned char *)string, 5);
|
||||
return loop((unsigned char *)pattern, (unsigned char *)string, 2);
|
||||
}
|
||||
|
@ -185,11 +185,7 @@ static const struct testcase tests[] = {
|
||||
{ "\\?.txt", "x.txt", NOMATCH },
|
||||
{ "\\*.txt", "x.txt", NOMATCH },
|
||||
{ "\\*\\\\.txt", "*\\.txt", MATCH },
|
||||
{ "*\\**\\?*\\\\*", "cc*cc?cc\\cc*cc", MATCH },
|
||||
{ "*\\**\\?*\\\\*", "cc*cc?cccc", NOMATCH },
|
||||
{ "*\\**\\?*\\\\*", "cc*cc?cc\\cc*cc", MATCH },
|
||||
{ "*\\?*\\**", "cc?c*c", MATCH },
|
||||
{ "*\\?*\\**curl*", "cc?c*curl", MATCH },
|
||||
{ "*\\?*\\**", "cc?cc", NOMATCH },
|
||||
{ "\\\"\\$\\&\\'\\(\\)", "\"$&'()", MATCH },
|
||||
{ "\\*\\?\\[\\\\\\`\\|", "*?[\\`|", MATCH },
|
||||
|
Loading…
Reference in New Issue
Block a user