From owner-freebsd-arch  Wed Jul 25 19:47:42 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from iatl0x01.coxmail.com (iatl0x02.coxmail.com [206.157.225.11])
	by hub.freebsd.org (Postfix) with ESMTP
	id 67C7437B408; Wed, 25 Jul 2001 19:47:32 -0700 (PDT)
	(envelope-from mheffner@novacoxmail.com)
Received: from enterprise.muriel.penguinpowered.com ([209.249.161.66])
          by iatl0x01.coxmail.com
          (InterMail vK.4.03.02.00 201-232-124 license eaa2928f5bcba31507d4d280f1027278)
          with ESMTP
          id <20010726024733.DFLK27239.iatl0x01@enterprise.muriel.penguinpowered.com>;
          Wed, 25 Jul 2001 22:47:33 -0400
Message-ID: <XFMail.20010725224518.mheffner@novacoxmail.com>
X-Mailer: XFMail 1.5.0 on FreeBSD
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/signed;
 boundary="_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_";
 micalg=pgp-md5; protocol="application/pgp-signature"
In-Reply-To: <5ly9pduge0.fsf@assaris.sics.se>
Date: Wed, 25 Jul 2001 22:45:18 -0400 (EDT)
Reply-To: Mike Heffner <mheffner@vt.edu>
From: Mike Heffner <mheffner@novacoxmail.com>
To: Assar Westerlund <assar@FreeBSD.ORG>
Subject: Re: Making glob(3) portable (was Re: Importing lukemftpd)
Cc: arch@FreeBSD.ORG
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

This message is in MIME format
--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_
Content-Type: text/plain; charset=us-ascii


On 25-Jul-2001 Assar Westerlund wrote:
| Mike Heffner <mheffner@novacoxmail.com> writes:
| 
|> IMO, removing GLOB_LIMITHIT, or whatever, and just using GLOB_NOSPACE with
|> errno=0 would be the first step in the direction of portability.
| 
| Sure, we can do that.

How's the following patch look:


Index: include/glob.h
===================================================================
RCS file: /home/ncvs/src/include/glob.h,v
retrieving revision 1.4
diff -u -r1.4 glob.h
--- include/glob.h      2001/03/19 19:10:06     1.4
+++ include/glob.h      2001/07/26 02:45:43
@@ -77,11 +77,13 @@
 #define        GLOB_NOMAGIC    0x0200  /* GLOB_NOCHECK without magic chars
(csh). */
 #define        GLOB_QUOTE      0x0400  /* Quote special chars with \. */
 #define        GLOB_TILDE      0x0800  /* Expand tilde names from the passwd
file. */
-#define        GLOB_MAXPATH    0x1000  /* limit number of returned paths */
+#define        GLOB_LIMIT      0x1000  /* limit number of returned paths */
 
+/* backwards compatibility, this is the old name for this option */
+#define GLOB_MAXPATH   GLOB_LIMIT
+
 #define        GLOB_NOSPACE    (-1)    /* Malloc call failed. */
 #define        GLOB_ABEND      (-2)    /* Unignored error. */
-#define        GLOB_LIMIT      (-3)    /* Path limit was hit. */
 
 __BEGIN_DECLS
 int    glob __P((const char *, int, int (*)(const char *, int), glob_t *));
Index: lib/libc/gen/glob.3
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/glob.3,v
retrieving revision 1.16
diff -u -r1.16 glob.3
--- lib/libc/gen/glob.3 2001/07/15 07:53:04     1.16
+++ lib/libc/gen/glob.3 2001/07/26 02:45:43
@@ -260,14 +260,13 @@
 Expand patterns that start with
 .Ql ~
 to user name home directories.
-.It Dv GLOB_MAXPATH
+.It Dv GLOB_LIMIT
 Limit the total number of returned pathnames to the value provided in
-.Fa gl_matchc .
-If
-.Fn glob
-would match more pathnames,
-.Dv GLOB_LIMIT
-will be returned.
+.Fa gl_matchc
+(default ARG_MAX).
+This option should be set for programs that can be coerced to a denial of
service
+attack via patterns that expand to a very large number of matches, such as a
long
+string of */../*/..
 .El
 .Pp
 If, during the search, a directory is encountered that cannot be opened
@@ -377,21 +376,19 @@
 .Aq Pa glob.h :
 .Bl -tag -width GLOB_NOCHECK
 .It Dv GLOB_NOSPACE
-An attempt to allocate memory failed.
+An attempt to allocate memory failed, or if
+.Fa errno
+was 0
+.Dv GLOB_LIMIT
+was specified in the flags and
+.Fa pglob\->gl_matchc
+or more patterns were patched.
 .It Dv GLOB_ABEND
 The scan was stopped because an error was encountered and either
 .Dv GLOB_ERR
 was set or
 .Fa \*(lp*errfunc\*(rp\*(lp\*(rp
 returned non-zero.
-.It Dv GLOB_LIMIT
-The flag
-.Dv GLOB_MAXPATH
-was provided, and the specified limit passed to
-.Fn glob
-in
-.Fa pglob\->gl_matchc
-was reached.
 .El
 .Pp
 The arguments
@@ -427,8 +424,8 @@
 that the flags
 .Dv GLOB_ALTDIRFUNC ,
 .Dv GLOB_BRACE ,
+.Dv GLOB_LIMIT ,
 .Dv GLOB_MAGCHAR ,
-.Dv GLOB_MAXPATH ,
 .Dv GLOB_NOMAGIC ,
 .Dv GLOB_QUOTE ,
 and
Index: lib/libc/gen/glob.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/glob.c,v
retrieving revision 1.17
diff -u -r1.17 glob.c
--- lib/libc/gen/glob.c 2001/03/28 23:55:51     1.17
+++ lib/libc/gen/glob.c 2001/07/26 02:45:45
@@ -170,9 +170,11 @@
                if (!(flags & GLOB_DOOFFS))
                        pglob->gl_offs = 0;
        }
-       if (flags & GLOB_MAXPATH)
+       if (flags & GLOB_LIMIT) {
                limit = pglob->gl_matchc;
-       else
+               if (limit == 0)
+                       limit = ARG_MAX;
+       } else
                limit = 0;
        pglob->gl_flags = flags & ~GLOB_MAGCHAR;
        pglob->gl_errfunc = errfunc;
@@ -687,8 +689,10 @@
        char *copy;
        const Char *p;
 
-       if (*limit && pglob->gl_pathc > *limit)
-               return (GLOB_LIMIT);
+       if (*limit && pglob->gl_pathc > *limit) {
+               errno = 0;
+               return (GLOB_NOSPACE);
+       }
 
        newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
        pathv = pglob->gl_pathv ?
Index: libexec/ftpd/ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.78
diff -u -r1.78 ftpd.c
--- libexec/ftpd/ftpd.c 2001/07/09 17:46:24     1.78
+++ libexec/ftpd/ftpd.c 2001/07/26 02:45:51
@@ -2658,7 +2658,7 @@
 
                memset(&gl, 0, sizeof(gl));
                gl.gl_matchc = MAXGLOBARGS;
-               flags |= GLOB_MAXPATH;
+               flags |= GLOB_LIMIT;
                freeglob = 1;
                if (glob(whichf, flags, 0, &gl)) {
                        reply(550, "not found");
Index: libexec/ftpd/popen.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/popen.c,v
retrieving revision 1.20
diff -u -r1.20 popen.c
--- libexec/ftpd/popen.c        2001/03/19 19:11:00     1.20
+++ libexec/ftpd/popen.c        2001/07/26 02:45:51
@@ -108,7 +108,7 @@
 
                memset(&gl, 0, sizeof(gl));
                gl.gl_matchc = MAXGLOBARGS;
-               flags |= GLOB_MAXPATH;
+               flags |= GLOB_LIMIT;
                if (glob(argv[argc], flags, NULL, &gl))
                        gargv[gargc++] = strdup(argv[argc]);
                else



Mike

-- 
  Mike Heffner         <mheffner@[acm.]vt.edu>
  Fredericksburg, VA       <mikeh@FreeBSD.org>


--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7X4Q9FokZQs3sv5kRAlopAJ9g8AGULI7ro7+ATmsqDvpfQKsY8QCghFiY
9vjdx3G27nnALHVxxVSxgOQ=
=lJTd
-----END PGP SIGNATURE-----

--_=XFMail.1.5.0.FreeBSD:20010725224518:8043=_--
End of MIME message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message