diff options
author | Andreas Schwab <schwab@suse.de> | 2014-06-18 11:58:45 +0200 |
---|---|---|
committer | Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com> | 2015-11-24 11:34:14 -0200 |
commit | 60f10f2326aa47c7f49b752c1730e084b2319aa7 (patch) | |
tree | f911ca084fdf57babafba4cfa7c9fda421a506ca | |
parent | 83e9e8b0464dcff36930b8bb53d04ac3b551b5a3 (diff) | |
download | glibc-60f10f2326aa47c7f49b752c1730e084b2319aa7.tar.gz glibc-60f10f2326aa47c7f49b752c1730e084b2319aa7.tar.xz glibc-60f10f2326aa47c7f49b752c1730e084b2319aa7.zip |
Don't read past end of pattern in fnmatch (BZ #17062)
(cherry picked from commit b3a9f56ba59c3d8eadd3135a1c25c37a63151450) Conflicts: NEWS posix/Makefile
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | posix/Makefile | 2 | ||||
-rw-r--r-- | posix/fnmatch_loop.c | 13 | ||||
-rw-r--r-- | posix/tst-fnmatch3.c | 30 |
5 files changed, 44 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog index a7207b1b65..4502ab2b78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2015-11-24 Andreas Schwab <schwab@suse.de> + + [BZ #17062] + * posix/fnmatch_loop.c (FCT): Rerrange loop for skipping over rest + of a bracket expr not to run off the end of the string. + * posix/Makefile (tests): Add tst-fnmatch3. + * posix/tst-fnmatch3.c: New file. + 2015-04-29 Florian Weimer <fweimer@redhat.com> [BZ #18007] diff --git a/NEWS b/NEWS index e00543f14f..c9cce289ed 100644 --- a/NEWS +++ b/NEWS @@ -10,8 +10,8 @@ Version 2.19.1 * The following bugs are resolved with this release: 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885, - 16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213, - 17263, 17269, 17325, 17555, 18007, 18032, 18287. + 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153, + 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a diff --git a/posix/Makefile b/posix/Makefile index 9dd5fa47ff..8f6e6b5ef1 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -86,7 +86,7 @@ tests := tstgetopt testfnm runtests runptests \ tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \ bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ - tst-pathconf tst-getaddrinfo4 bug-regex36 + tst-pathconf tst-getaddrinfo4 bug-regex36 tst-fnmatch3 xtests := bug-ga2 ifeq (yes,$(build-shared)) test-srcs := globtest diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index f11d0f1a1f..733cccbb09 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -899,11 +899,8 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) matched: /* Skip the rest of the [...] that already matched. */ - do + while ((c = *p++) != L (']')) { - ignore_next: - c = *p++; - if (c == L('\0')) /* [... (unterminated) loses. */ return FNM_NOMATCH; @@ -931,12 +928,11 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) if (c < L('a') || c >= L('z')) { - p = startp; - goto ignore_next; + p = startp - 2; + break; } } p += 2; - c = *p++; } else if (c == L('[') && *p == L('=')) { @@ -947,7 +943,6 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) if (c != L('=') || p[1] != L(']')) return FNM_NOMATCH; p += 2; - c = *p++; } else if (c == L('[') && *p == L('.')) { @@ -961,10 +956,8 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) break; } p += 2; - c = *p++; } } - while (c != L(']')); if (not) return FNM_NOMATCH; } diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c new file mode 100644 index 0000000000..2a83c1bfb7 --- /dev/null +++ b/posix/tst-fnmatch3.c @@ -0,0 +1,30 @@ +/* Test for fnmatch not reading past the end of the pattern. + Copyright (C) 2014 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <fnmatch.h> + +int +do_test (void) +{ + const char *pattern = "[[:alpha:]'[:alpha:]\0]"; + + return fnmatch (pattern, "a", 0) != FNM_NOMATCH; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |