From owner-cvs-all  Thu Mar 15 11:32:53 2001
Delivered-To: cvs-all@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP
	id 74E9D37B71C; Thu, 15 Mar 2001 11:32:47 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.3/8.11.3) with ESMTP id f2FJWWr08036;
	Thu, 15 Mar 2001 20:32:33 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: Jonathan Lemon <jlemon@flugsvamp.com>
Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
	Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libc/gen glob.c 
In-Reply-To: Your message of "Thu, 15 Mar 2001 13:25:03 CST."
             <20010315132503.D82645@prism.flugsvamp.com> 
Date: Thu, 15 Mar 2001 20:32:32 +0100
Message-ID: <8030.984684752@critter>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20010315132503.D82645@prism.flugsvamp.com>, Jonathan Lemon writes:

>If you want to try this out, ftp to your machine, and then perform
>'ls */../*/../*/../*/../*/../*/../*';  this will cause ftpd to start
>chewing up all memory and cpu.

I belive glob should (optionally) refuse patterns where ".." elements
are separated by anything other than ".".

In other words:

	"../../../../foo" = OK
	".././../././../foo" = OK
	"../barf/.." = BAD

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message