Date: Mon, 12 Sep 2005 22:33:02 GMT
From: Gerd Rausch <gerd@juniper.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/86038: glob(3) function GLOB_BRACE flaw
Message-ID: <200509122233.j8CMX2Rw058941@www.freebsd.org>
Resent-Message-ID: <200509122240.j8CMeMTw016722@freefall.freebsd.org>
>Number: 86038
>Category: misc
>Synopsis: glob(3) function GLOB_BRACE flaw
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 12 22:40:22 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Gerd Rausch
>Release: 4.10, 4.11
>Organization: Juniper Networks, Inc.
>Environment:
>Description:
The libc glob function had a bug when using csh-style GLOB_BRACE: the part of the pattern preceding a square bracket was skipped. This was caused by re-using "pl" inside an inner loop, whereas "pl" was needed later on again. I guess that bug remained undiscovered since many people don't use GLOB_BRACE with libc's glob function; shells (csh, zsh, etc.) have their own implementation.
>How-To-Repeat:
Compile & use: "{.[!.],..?,}*"
>Fix:
--- glob.c- Wed Sep 18 07:13:31 2002 +++ glob.c Mon Sep 12 15:29:11 2005 @@ -247,7 +247,7 @@ { int i; Char *lm, *ls; - const Char *pe, *pm, *pl; + const Char *pe, *pm, *pl, *pl2; Char patbuf[MAXPATHLEN]; /* copy part up to the brace */ @@ -288,14 +288,14 @@ switch (*pm) { case LBRACKET: /* Ignore everything between [] */ - for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++) + for (pl2 = pm++; *pm != RBRACKET && *pm != EOS; pm++) continue; if (*pm == EOS) { /* * We could not find a matching RBRACKET. * Ignore and just look for RBRACE */ - pm = pl; + pm = pl2; } break;
>Release-Note:
>Audit-Trail:
>Unformatted:
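Review bot: in the declaration changed at @@ -247, the name `pl2` says nothing about its role next to `pl`. It only holds the position of the opening bracket for the scan in the second hunk, so a more descriptive name such as `pbracket` (hypothetical), or a one-line comment on the declaration, would make the separation from `pl` obvious to the next reader.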
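Review bot: in the `case LBRACKET:` hunk at @@ -288, nothing in the code records why the bracket scan must not touch `pl`. A short comment at `for (pl2 = pm++; ...` noting that `pl` is still needed after this loop, as the description states, would keep a later cleanup from folding the two variables back together. A regression test using the How-To-Repeat pattern `{.[!.],..?,}*` would also be worth adding alongside the fix.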
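The How-To-Repeat pattern turned into a self-checking C program, as an added example that is not part of the original report: it compares glob(3) with GLOB_BRACE against the three alternatives expanded by hand. The scratch directory, the file names and the function name `brace_matches_union` are assumptions constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes GLOB_BRACE and mkdtemp on glibc */
#endif
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static int cmp(const void *a, const void *b)
{
    return strcmp(*(char *const *)a, *(char *const *)b);
}

/* 1: GLOB_BRACE result equals the hand-expanded union; 0: differs; -1: setup failed */
int brace_matches_union(void)
{
    char dir[] = "/tmp/globbrace.XXXXXX", path[128];
    const char *files[] = { ".a", "..b", "c" };      /* constructed sample names */
    const char *alts[] = { ".[!.]*", "..?*", "*" };  /* "{.[!.],..?,}*" by hand */
    glob_t braced = {0}, manual = {0};
    size_t i;
    if (mkdtemp(dir) == NULL) return -1;
    for (i = 0; i < 3; i++) {                        /* create the scratch files */
        snprintf(path, sizeof path, "%s/%s", dir, files[i]);
        FILE *f = fopen(path, "w");
        if (f != NULL) fclose(f);
    }
    snprintf(path, sizeof path, "%s/{.[!.],..?,}*", dir);
    glob(path, GLOB_BRACE, NULL, &braced);           /* pattern from the report */
    for (i = 0; i < 3; i++) {                        /* same alternatives, no braces */
        snprintf(path, sizeof path, "%s/%s", dir, alts[i]);
        glob(path, i ? GLOB_APPEND : 0, NULL, &manual);
    }
    int same = braced.gl_pathc == 3 && manual.gl_pathc == 3;
    if (same) {                                      /* compare order-independently */
        qsort(braced.gl_pathv, braced.gl_pathc, sizeof(char *), cmp);
        qsort(manual.gl_pathv, manual.gl_pathc, sizeof(char *), cmp);
    }
    for (i = 0; same && i < 3; i++)
        same = strcmp(braced.gl_pathv[i], manual.gl_pathv[i]) == 0;
    for (i = 0; i < 3; i++) {                        /* remove the scratch files */
        snprintf(path, sizeof path, "%s/%s", dir, files[i]);
        unlink(path);
    }
    rmdir(dir);
    globfree(&braced);
    globfree(&manual);
    return same;
}
```

A return value of 0 on a given libc means its brace expansion does not agree with the individual alternatives for this pattern.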