diff options
author | Andreas Schwab <schwab@linux-m68k.org> | 2022-01-18 16:31:39 +0100 |
---|---|---|
committer | Andreas Schwab <schwab@linux-m68k.org> | 2022-01-24 17:13:33 +0100 |
commit | 8442f0d966da5a9333e961af9e98b41aabdd9f1b (patch) | |
tree | a2d119ef37abe3e91b5e53822e52e289419d4711 | |
parent | realpath: Avoid overwriting preexisting error (CVE-2021-3998) (diff) | |
download | glibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.tar.gz glibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.tar.bz2 glibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.zip |
Fix handling of unterminated bracket expressions in fnmatch (bug 28792)
When fnmatch processes a bracket expression, and eventually finds it to be
unterminated, it should rescan it, treating the starting bracket as a
normal character. That didn't happen when a matching character was found
while scanning the bracket expression.
-rw-r--r-- | posix/Makefile | 2 | ||||
-rw-r--r-- | posix/fnmatch_loop.c | 9 | ||||
-rw-r--r-- | posix/tst-fnmatch7.c | 37 |
3 files changed, 45 insertions, 3 deletions
diff --git a/posix/Makefile b/posix/Makefile index 24d8bfd303..831759c59f 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -101,7 +101,7 @@ tests := test-errno tstgetopt testfnm runtests runptests \ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ tst-pathconf tst-rxspencer-no-utf8 \ tst-fnmatch3 bug-regex36 \ - tst-fnmatch4 tst-fnmatch5 tst-fnmatch6 \ + tst-fnmatch4 tst-fnmatch5 tst-fnmatch6 tst-fnmatch7 \ tst-posix_spawn-fd tst-posix_spawn-setsid \ tst-posix_fadvise tst-posix_fadvise64 \ tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \ diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index cab4e1b684..9445ed9c58 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -823,8 +823,13 @@ FCT (const CHAR *pattern, const CHAR *string, const CHAR *string_end, while ((c = *p++) != L_(']')) { if (c == L_('\0')) - /* [... (unterminated) loses. */ - return FNM_NOMATCH; + { + /* [ unterminated, treat as normal character. */ + p = p_init; + n = n_init; + c = L_('['); + goto normal_match; + } if (!(flags & FNM_NOESCAPE) && c == L_('\\')) { diff --git a/posix/tst-fnmatch7.c b/posix/tst-fnmatch7.c new file mode 100644 index 0000000000..eda1bf9704 --- /dev/null +++ b/posix/tst-fnmatch7.c @@ -0,0 +1,37 @@ +/* Test for fnmatch handling of unterminated bracket expression (bug 28792) + Copyright (C) 2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <fnmatch.h> +#include <support/check.h> + +static int +do_test (void) +{ + /* An unterminated bracket expression should be rescanned, treating the + open bracket as a normal character. The backslash causes the close + bracket to be treated as a normal character, not ending the bracket + expression. */ + TEST_VERIFY (fnmatch ("[", "[", 0) == 0); + TEST_VERIFY (fnmatch ("[[", "[[", 0) == 0); + TEST_VERIFY (fnmatch ("[\\]", "[]", 0) == 0); + TEST_VERIFY (fnmatch ("[[\\]", "[[]", 0) == 0); + + return 0; +} + +#include <support/test-driver.c> |