Date: Wed, 25 Jul 2001 22:45:18 -0400 (EDT) From: Mike Heffner <mheffner@novacoxmail.com> To: Assar Westerlund <assar@FreeBSD.ORG> Cc: arch@FreeBSD.ORG Subject: Re: Making glob(3) portable (was Re: Importing lukemftpd) Message-ID: <XFMail.20010725224518.mheffner@novacoxmail.com> In-Reply-To: <5ly9pduge0.fsf@assaris.sics.se>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format
--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_
Content-Type: text/plain; charset=us-ascii
On 25-Jul-2001 Assar Westerlund wrote:
| Mike Heffner <mheffner@novacoxmail.com> writes:
|
|> IMO, removing GLOB_LIMITHIT, or whatever, and just using GLOB_NOSPACE with
|> errno=0 would be the first step in the direction of portability.
|
| Sure, we can do that.
How's the following patch look:
Index: include/glob.h
===================================================================
RCS file: /home/ncvs/src/include/glob.h,v
retrieving revision 1.4
diff -u -r1.4 glob.h
--- include/glob.h 2001/03/19 19:10:06 1.4
+++ include/glob.h 2001/07/26 02:45:43
@@ -77,11 +77,13 @@
#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars
(csh). */
#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd
file. */
-#define GLOB_MAXPATH 0x1000 /* limit number of returned paths */
+#define GLOB_LIMIT 0x1000 /* limit number of returned paths */
+/* backwards compatibility, this is the old name for this option */
+#define GLOB_MAXPATH GLOB_LIMIT
+
#define GLOB_NOSPACE (-1) /* Malloc call failed. */
#define GLOB_ABEND (-2) /* Unignored error. */
-#define GLOB_LIMIT (-3) /* Path limit was hit. */
__BEGIN_DECLS
int glob __P((const char *, int, int (*)(const char *, int), glob_t *));
Index: lib/libc/gen/glob.3
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/glob.3,v
retrieving revision 1.16
diff -u -r1.16 glob.3
--- lib/libc/gen/glob.3 2001/07/15 07:53:04 1.16
+++ lib/libc/gen/glob.3 2001/07/26 02:45:43
@@ -260,14 +260,13 @@
Expand patterns that start with
.Ql ~
to user name home directories.
-.It Dv GLOB_MAXPATH
+.It Dv GLOB_LIMIT
Limit the total number of returned pathnames to the value provided in
-.Fa gl_matchc .
-If
-.Fn glob
-would match more pathnames,
-.Dv GLOB_LIMIT
-will be returned.
+.Fa gl_matchc
+(default ARG_MAX).
+This option should be set for programs that can be coerced to a denial of
service
+attack via patterns that expand to a very large number of matches, such as a
long
+string of */../*/..
.El
.Pp
If, during the search, a directory is encountered that cannot be opened
@@ -377,21 +376,19 @@
.Aq Pa glob.h :
.Bl -tag -width GLOB_NOCHECK
.It Dv GLOB_NOSPACE
-An attempt to allocate memory failed.
+An attempt to allocate memory failed, or if
+.Fa errno
+was 0
+.Dv GLOB_LIMIT
+was specified in the flags and
+.Fa pglob\->gl_matchc
+or more patterns were patched.
.It Dv GLOB_ABEND
The scan was stopped because an error was encountered and either
.Dv GLOB_ERR
was set or
.Fa \*(lp*errfunc\*(rp\*(lp\*(rp
returned non-zero.
-.It Dv GLOB_LIMIT
-The flag
-.Dv GLOB_MAXPATH
-was provided, and the specified limit passed to
-.Fn glob
-in
-.Fa pglob\->gl_matchc
-was reached.
.El
.Pp
The arguments
@@ -427,8 +424,8 @@
that the flags
.Dv GLOB_ALTDIRFUNC ,
.Dv GLOB_BRACE ,
+.Dv GLOB_LIMIT ,
.Dv GLOB_MAGCHAR ,
-.Dv GLOB_MAXPATH ,
.Dv GLOB_NOMAGIC ,
.Dv GLOB_QUOTE ,
and
Index: lib/libc/gen/glob.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/glob.c,v
retrieving revision 1.17
diff -u -r1.17 glob.c
--- lib/libc/gen/glob.c 2001/03/28 23:55:51 1.17
+++ lib/libc/gen/glob.c 2001/07/26 02:45:45
@@ -170,9 +170,11 @@
if (!(flags & GLOB_DOOFFS))
pglob->gl_offs = 0;
}
- if (flags & GLOB_MAXPATH)
+ if (flags & GLOB_LIMIT) {
limit = pglob->gl_matchc;
- else
+ if (limit == 0)
+ limit = ARG_MAX;
+ } else
limit = 0;
pglob->gl_flags = flags & ~GLOB_MAGCHAR;
pglob->gl_errfunc = errfunc;
@@ -687,8 +689,10 @@
char *copy;
const Char *p;
- if (*limit && pglob->gl_pathc > *limit)
- return (GLOB_LIMIT);
+ if (*limit && pglob->gl_pathc > *limit) {
+ errno = 0;
+ return (GLOB_NOSPACE);
+ }
newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
pathv = pglob->gl_pathv ?
Index: libexec/ftpd/ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.78
diff -u -r1.78 ftpd.c
--- libexec/ftpd/ftpd.c 2001/07/09 17:46:24 1.78
+++ libexec/ftpd/ftpd.c 2001/07/26 02:45:51
@@ -2658,7 +2658,7 @@
memset(&gl, 0, sizeof(gl));
gl.gl_matchc = MAXGLOBARGS;
- flags |= GLOB_MAXPATH;
+ flags |= GLOB_LIMIT;
freeglob = 1;
if (glob(whichf, flags, 0, &gl)) {
reply(550, "not found");
Index: libexec/ftpd/popen.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/popen.c,v
retrieving revision 1.20
diff -u -r1.20 popen.c
--- libexec/ftpd/popen.c 2001/03/19 19:11:00 1.20
+++ libexec/ftpd/popen.c 2001/07/26 02:45:51
@@ -108,7 +108,7 @@
memset(&gl, 0, sizeof(gl));
gl.gl_matchc = MAXGLOBARGS;
- flags |= GLOB_MAXPATH;
+ flags |= GLOB_LIMIT;
if (glob(argv[argc], flags, NULL, &gl))
gargv[gargc++] = strdup(argv[argc]);
else
Mike
--
Mike Heffner <mheffner@[acm.]vt.edu>
Fredericksburg, VA <mikeh@FreeBSD.org>
--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7X4Q9FokZQs3sv5kRAlopAJ9g8AGULI7ro7+ATmsqDvpfQKsY8QCghFiY
9vjdx3G27nnALHVxxVSxgOQ=
=lJTd
-----END PGP SIGNATURE-----
--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_--
End of MIME message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20010725224518.mheffner>