[src/trunk]: src/lib/libc/gen Implement GLOB_LIMIT that limits number of matc...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b6016832e48a
branches:  trunk
changeset: 507204:b6016832e48a
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Mar 16 20:34:08 2001 +0000

description:
Implement GLOB_LIMIT that limits number of matches to ARG_MAX.

diffstat:

 lib/libc/gen/__glob13.c |   9 +++++++--
 lib/libc/gen/glob.3     |  20 +++++++++++++++++---
 2 files changed, 24 insertions(+), 5 deletions(-)

diffs (79 lines):

diff -r 1a0fc26706ca -r b6016832e48a lib/libc/gen/__glob13.c
--- a/lib/libc/gen/__glob13.c   Fri Mar 16 20:13:58 2001 +0000
+++ b/lib/libc/gen/__glob13.c   Fri Mar 16 20:34:08 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: __glob13.c,v 1.14 2000/10/16 04:12:55 erh Exp $        */
+/*     $NetBSD: __glob13.c,v 1.15 2001/03/16 20:34:08 christos Exp $   */
 
 /*
  * Copyright (c) 1989, 1993
@@ -41,7 +41,7 @@
 #if 0
 static char sccsid[] = "@(#)glob.c     8.3 (Berkeley) 10/13/93";
 #else
-__RCSID("$NetBSD: __glob13.c,v 1.14 2000/10/16 04:12:55 erh Exp $");
+__RCSID("$NetBSD: __glob13.c,v 1.15 2001/03/16 20:34:08 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -719,6 +719,11 @@
        _DIAGASSERT(path != NULL);
        _DIAGASSERT(pglob != NULL);
 
+       if ((pglob->gl_flags & GLOB_LIMIT) && pglob->gl_pathc >= ARG_MAX) {
+               errno = 0;
+               return(GLOB_NOSPACE);
+       }
+
        newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
        pathv = pglob->gl_pathv ? 
                    realloc(pglob->gl_pathv, newsize) :
diff -r 1a0fc26706ca -r b6016832e48a lib/libc/gen/glob.3
--- a/lib/libc/gen/glob.3       Fri Mar 16 20:13:58 2001 +0000
+++ b/lib/libc/gen/glob.3       Fri Mar 16 20:34:08 2001 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: glob.3,v 1.15 1998/06/19 22:53:57 kleink Exp $
+.\"    $NetBSD: glob.3,v 1.16 2001/03/16 20:34:08 christos Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993, 1994
 .\"    The Regents of the University of California.  All rights reserved.
@@ -256,6 +256,13 @@
 Expand patterns that start with
 .Ql ~
 to user name home directories.
+.It Dv GLOB_LIMIT
+Limit the number of matches returned to
+.Li ARG_MAX
+This option should be set for programs that can be coerced to a denial of
+service attack via patterns that expand to a very large number of matches,
+such as a long string of 
+.Li */../*/..
 .El
 .Pp
 If, during the search, a directory is encountered that cannot be opened
@@ -387,7 +394,13 @@
 was not set int
 .Dv flags .
 .It Dv GLOB_NOSPACE
-An attempt to allocate memory failed.
+An attempt to allocate memory failed, or if
+.Va errno 
+was 0
+.Li GLOB_LIMIT
+was specified in the flags and
+.Li ARG_MAX
+patterns were matched.
 .El
 .Pp
 The historical
@@ -437,8 +450,9 @@
 .Dv GLOB_BRACE
 .Dv GLOB_MAGCHAR,
 .Dv GLOB_NOMAGIC,
+.Dv GLOB_TILDE,
 and
-.Dv GLOB_TILDE,
+.Dv GLOB_LIMIT
 and the fields
 .Fa gl_matchc
 and