[COMMITTED 2.19] Don't read past end of pattern in fnmatch (BZ #17062)
- From: "Tulio Magno Quites Machado Filho" <tuliom at linux dot vnet dot ibm dot com>
- To: libc-alpha at sourceware dot org
- Cc: Andreas Schwab <schwab at suse dot de>
- Date: Tue, 24 Nov 2015 11:43:04 -0200
- Subject: [COMMITTED 2.19] Don't read past end of pattern in fnmatch (BZ #17062)
- Authentication-results: sourceware.org; auth=none
From: Andreas Schwab <schwab@suse.de>
(cherry picked from commit b3a9f56ba59c3d8eadd3135a1c25c37a63151450)
Conflicts:
NEWS
posix/Makefile
---
ChangeLog | 8 ++++++++
NEWS | 4 ++--
posix/Makefile | 2 +-
posix/fnmatch_loop.c | 13 +++----------
posix/tst-fnmatch3.c | 30 ++++++++++++++++++++++++++++++
5 files changed, 44 insertions(+), 13 deletions(-)
create mode 100644 posix/tst-fnmatch3.c
diff --git a/ChangeLog b/ChangeLog
index a7207b1..4502ab2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-11-24 Andreas Schwab <schwab@suse.de>
+
+ [BZ #17062]
+ * posix/fnmatch_loop.c (FCT): Rerrange loop for skipping over rest
+ of a bracket expr not to run off the end of the string.
+ * posix/Makefile (tests): Add tst-fnmatch3.
+ * posix/tst-fnmatch3.c: New file.
+
2015-04-29 Florian Weimer <fweimer@redhat.com>
[BZ #18007]
diff --git a/NEWS b/NEWS
index e00543f..c9cce28 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.19.1
* The following bugs are resolved with this release:
15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
- 16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
- 17263, 17269, 17325, 17555, 18007, 18032, 18287.
+ 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153,
+ 17213, 17263, 17269, 17325, 17555, 18007, 18032, 18287.
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
diff --git a/posix/Makefile b/posix/Makefile
index 9dd5fa4..8f6e6b5 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -86,7 +86,7 @@ tests := tstgetopt testfnm runtests runptests \
tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \
bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \
bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
- tst-pathconf tst-getaddrinfo4 bug-regex36
+ tst-pathconf tst-getaddrinfo4 bug-regex36 tst-fnmatch3
xtests := bug-ga2
ifeq (yes,$(build-shared))
test-srcs := globtest
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index f11d0f1..733cccb 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -899,11 +899,8 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
matched:
/* Skip the rest of the [...] that already matched. */
- do
+ while ((c = *p++) != L (']'))
{
- ignore_next:
- c = *p++;
-
if (c == L('\0'))
/* [... (unterminated) loses. */
return FNM_NOMATCH;
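Review bot: The comment above `while ((c = *p++) != L (']'))` still only says what the loop skips, not the invariant this rewrite depends on. The loop head is now the single place a pattern character is fetched, so the `c == L('\0')` test runs on every character, including the one that follows a `[:class:]`, `[=x=]` or `[.x.]` element. I would extend the comment to something like `/* Skip the rest of the [...] that already matched. Fetch only in the loop head so the NUL check sees every character. */`, so that a later edit does not reintroduce a second `*p++` inside one of the branches. The new line also writes `L (']')` with a space where the neighbouring lines use `L('\0')`. FCT's body starts and ends outside this hunk.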
@@ -931,12 +928,11 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
if (c < L('a') || c >= L('z'))
{
- p = startp;
- goto ignore_next;
+ p = startp - 2;
+ break;
}
}
p += 2;
- c = *p++;
}
else if (c == L('[') && *p == L('='))
{
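Review bot: `p = startp - 2;` followed by `break;` is only correct because the `p += 2;` after the inner loop cancels the offset, and nothing at the assignment says so. A short comment such as `/* Cancelled by the p += 2 below: resume scanning at startp. */` would keep the two lines from drifting apart in a later edit. The temporary pointer also appears to rely on at least two pattern characters preceding `startp` (the `[` just consumed and the bracket expression's opening `[`), so it stays inside the pattern. That looks true from context, but the declaration of `startp` and the start of the bracket expression are outside this hunk.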
@@ -947,7 +943,6 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
if (c != L('=') || p[1] != L(']'))
return FNM_NOMATCH;
p += 2;
- c = *p++;
}
else if (c == L('[') && *p == L('.'))
{
@@ -961,10 +956,8 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
break;
}
p += 2;
- c = *p++;
}
}
- while (c != L(']'));
if (not)
return FNM_NOMATCH;
}
diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c
new file mode 100644
index 0000000..2a83c1b
--- /dev/null
+++ b/posix/tst-fnmatch3.c
@@ -0,0 +1,30 @@
+/* Test for fnmatch not reading past the end of the pattern.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <fnmatch.h>
+
+int
+do_test (void)
+{
+ const char *pattern = "[[:alpha:]'[:alpha:]\0]";
+
+ return fnmatch (pattern, "a", 0) != FNM_NOMATCH;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
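Review bot: `do_test` exercises only the `[:class:]` branch of the skip loop, although the same trailing `c = *p++` was also removed from the `[=x=]` and `[.x.]` branches in posix/fnmatch_loop.c, so a regression in either of those would go unnoticed. The pattern also deserves a comment explaining the embedded `\0`: the `]` placed after it lies beyond the end of the pattern, so a match can only happen if fnmatch reads too far, which makes the over-read observable without a memory checker. The sketch below adds the two sibling cases. The extra patterns are constructed by analogy with the existing one and should be confirmed to fail on an unpatched build.

```c
/* … unchanged: license header, #include <fnmatch.h> … */

/* Each pattern ends at the embedded \0; the ']' after it lies beyond the
   end of the pattern and can only be seen if fnmatch reads too far.  */
static const char *const patterns[] =
  {
    "[[:alpha:]'[:alpha:]\0]",
    "[[:alpha:]'[=a=]\0]",
    "[[:alpha:]'[.a.]\0]",
  };

int
do_test (void)
{
  for (unsigned int i = 0; i < sizeof patterns / sizeof patterns[0]; ++i)
    if (fnmatch (patterns[i], "a", 0) != FNM_NOMATCH)
      return 1;
  return 0;
}

/* … unchanged: TEST_FUNCTION define and test-skeleton include … */
```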
--
2.1.0