Date:	Wed, 17 Dec 2008 11:13:12 -0500
From:	Steven Rostedt <srostedt@...hat.com>
To:	George Spelvin <linux@...izon.com>
Cc:	peterz@...radead.org, andi@...stfloor.org, tj@...nel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC] globmatch() helper function


On Wed, 2008-12-17 at 11:04 -0500, George Spelvin wrote:

> 
> The problem is, what if some future thoughtless person feeds user data
> into the pattern argument?
> 
> I could just take support for non-trailing * out entirely.  That would be
> a different sort of documentation burden.
> 
> Or I could just add an explicit 2-level stack. If you overflow the stack,
> matching always fails.  Unfortunately, the code will be larger.
> 
> Do people think that would be, on balance, better?  It would be plenty
> good enough for the blacklist application.

Having a static function do the work and pass in a "depth" parameter
should be sufficient. As Andi mentioned, a depth of 10 should be plenty.

Like this:

static bool
globmatch_internal(const char *pat, const char *str, int depth)
{
	if (depth > 10)
		return false;

	[...]

	while (!globmatch_internal(pat+1, str, depth+1))
	[...]
}

bool globmatch(const char *pat, const char *str)
{
	return globmatch_internal(pat, str, 0);
}

Make sure you include a "Signed-off-by:" as well.

-- Steve
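
A complete, runnable version of the depth-limited matcher sketched in the message above, as an added example that is not code from the thread or from the kernel. The matching rules (`?`, `*`, collapsing repeated `*`, handling a trailing `*` without recursion) and the name `GLOB_MAX_DEPTH` are assumptions; the inputs in `main` are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

#define GLOB_MAX_DEPTH 10	/* assumed name; 10 is the limit from the thread */

/* Match str against pat: '?' matches one char, '*' matches any run. */
static bool globmatch_internal(const char *pat, const char *str, int depth)
{
	if (depth > GLOB_MAX_DEPTH)
		return false;	/* too many nested '*': fail closed */

	for (; *pat; pat++, str++) {
		if (*pat == '*') {
			while (pat[1] == '*')	/* collapse runs of '*' */
				pat++;
			if (pat[1] == '\0')
				return true;	/* trailing '*': no recursion */
			/* try the rest of pat against every suffix of str */
			while (!globmatch_internal(pat + 1, str, depth + 1))
				if (*str++ == '\0')
					return false;
			return true;
		}
		if (*str == '\0' || (*pat != '?' && *pat != *str))
			return false;
	}
	return *str == '\0';
}

bool globmatch(const char *pat, const char *str)
{
	return globmatch_internal(pat, str, 0);
}

int main(void)
{
	/* Constructed inputs: a blacklist-style string and an 11-'*' pattern. */
	printf("%d\n", globmatch("ST3*AS", "ST3500320AS"));
	printf("%d\n", globmatch("*a*a*a*a*a*a*a*a*a*a*a", "aaaaaaaaaaa"));
	return 0;
}
```

The limit bounds recursion depth (stack use), so a pattern with more than 10 non-trailing `*` groups never matches, even when an unbounded matcher would accept it. It does not bound the time spent backtracking within those 10 levels.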

