]> granicus.if.org Git - musl/commit
make globfree safe after failed glob from over-length argument
authorRich Felker <dalias@aerifal.cx>
Tue, 3 Jan 2017 00:47:12 +0000 (19:47 -0500)
committerRich Felker <dalias@aerifal.cx>
Tue, 3 Jan 2017 00:47:12 +0000 (19:47 -0500)
commit769f53598e781ffc89191520f3f8a93cb58db91f
tree47c26bac9a6a34937f8afe15bbed32140c3bed6f
parent61fb81e3959ecf0848eef8d2767bb80ae5d1a68e
make globfree safe after failed glob from over-length argument

commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
checking to avoid unsafe VLA allocation, but put it in the wrong
place, before the glob_t structure was zeroed out. while POSIX isn't
clear on whether it's permitted to call globfree after glob failed
with GLOB_NOSPACE, making it safe is clearly better than letting
uninitialized pointers get passed to free in non-conforming callers.

while we're fixing this, change strlen check to the idiomatic strnlen
version to avoid unbounded input scanning before returning an error.
src/regex/glob.c