mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-21 01:16:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

fnmatch: insist on escaped bracket to match

Browse Source 
A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614
This commit is contained in:
Daniel Stenberg 2018-05-27 23:24:27 +02:00
parent 8541d02c96
commit 6482773d30
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/curl_fnmatch.c
View File

@ -334,9 +334,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string,
s++; s++;
break; break;
} }
/* Syntax error in set; mismatch! */
return CURL_FNMATCH_NOMATCH;
/* Syntax error in set: this must be taken as a regular character. */
/* FALLTHROUGH */
default: default:
if(*p++ != *s++) if(*p++ != *s++)
return CURL_FNMATCH_NOMATCH; return CURL_FNMATCH_NOMATCH;

17
tests/unit/unit1307.c
View File

@ -34,9 +34,17 @@ struct testcase {
static const struct testcase tests[] = { static const struct testcase tests[] = {
/* brackets syntax */ /* brackets syntax */
{"*[*[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[\001\177[[[[[[[[[[[[[[[[[[[[[",
"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[["
"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[",
NOMATCH},
{ "\\[", "[", MATCH }, { "\\[", "[", MATCH },
{ "[", "[", MATCH }, { "[", "[", NOMATCH },
{ "[]", "[]", MATCH }, { "[]", "[]", NOMATCH },
{ "[][]", "[", MATCH }, { "[][]", "[", MATCH },
{ "[][]", "]", MATCH }, { "[][]", "]", MATCH },
{ "[[]", "[", MATCH }, { "[[]", "[", MATCH },
@ -230,8 +238,9 @@ UNITTEST_START
for(i = 0; i < testnum; i++) { for(i = 0; i < testnum; i++) {
rc = Curl_fnmatch(NULL, tests[i].pattern, tests[i].string); rc = Curl_fnmatch(NULL, tests[i].pattern, tests[i].string);
if(rc != tests[i].result) { if(rc != tests[i].result) {
printf("Curl_fnmatch(\"%s\", \"%s\") should return %d (returns %d)\n", printf("Curl_fnmatch(\"%s\", \"%s\") should return %d (returns %d)"
tests[i].pattern, tests[i].string, tests[i].result, rc); " [%d]\n",
tests[i].pattern, tests[i].string, tests[i].result, rc, i);
fail("pattern mismatch"); fail("pattern mismatch");
} }
} }