From: Ilia Alshanetsky <iliaa@php.net>
Date: Sun, 2 May 2010 19:34:21 +0000 (+0000)
Subject: - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser
X-Git-Tag: php-5.2.14RC1~34
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c3d73d417a4ac66bdf464da1d76e50cedb97be3b;p=php

- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser
---

diff --git a/NEWS b/NEWS
index a52393d738..7b9a08b6e4 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ PHP                                                                        NEWS
 
 - Updated timezone database to version 2010.5. (Derick)
 
+- Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan
+  Esser (Ilia)
 - Reset error state in PDO::beginTransaction() reset error state. (Ilia)
 - Fixed a NULL pointer dereference when processing invalid XML-RPC
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 6fd1a4d960..24179aa76e 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -2551,6 +2551,10 @@ PHP_FUNCTION(fnmatch)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
 		RETURN_FALSE;
 	}
+	if (pattern_len >= MAXPATHLEN) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Pattern exceeds the maximum allowed length of %d characters", MAXPATHLEN);
+		RETURN_FALSE;
+	}
 
 	RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
 }