summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@linux-m68k.org>2022-01-18 16:31:39 +0100
committerAndreas Schwab <schwab@linux-m68k.org>2022-01-24 17:13:33 +0100
commit8442f0d966da5a9333e961af9e98b41aabdd9f1b (patch)
treea2d119ef37abe3e91b5e53822e52e289419d4711
parentrealpath: Avoid overwriting preexisting error (CVE-2021-3998) (diff)
downloadglibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.tar.gz
glibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.tar.bz2
glibc-8442f0d966da5a9333e961af9e98b41aabdd9f1b.zip
Fix handling of unterminated bracket expressions in fnmatch (bug 28792)
When fnmatch processes a bracket expression, and eventually finds it to be unterminated, it should rescan it, treating the starting bracket as a normal character. That didn't happen when a matching character was found while scanning the bracket expression.
-rw-r--r--posix/Makefile2
-rw-r--r--posix/fnmatch_loop.c9
-rw-r--r--posix/tst-fnmatch7.c37
3 files changed, 45 insertions, 3 deletions
diff --git a/posix/Makefile b/posix/Makefile
index 24d8bfd303..831759c59f 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -101,7 +101,7 @@ tests := test-errno tstgetopt testfnm runtests runptests \
bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
tst-pathconf tst-rxspencer-no-utf8 \
tst-fnmatch3 bug-regex36 \
- tst-fnmatch4 tst-fnmatch5 tst-fnmatch6 \
+ tst-fnmatch4 tst-fnmatch5 tst-fnmatch6 tst-fnmatch7 \
tst-posix_spawn-fd tst-posix_spawn-setsid \
tst-posix_fadvise tst-posix_fadvise64 \
tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index cab4e1b684..9445ed9c58 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -823,8 +823,13 @@ FCT (const CHAR *pattern, const CHAR *string, const CHAR *string_end,
while ((c = *p++) != L_(']'))
{
if (c == L_('\0'))
- /* [... (unterminated) loses. */
- return FNM_NOMATCH;
+ {
+ /* [ unterminated, treat as normal character. */
+ p = p_init;
+ n = n_init;
+ c = L_('[');
+ goto normal_match;
+ }
if (!(flags & FNM_NOESCAPE) && c == L_('\\'))
{
diff --git a/posix/tst-fnmatch7.c b/posix/tst-fnmatch7.c
new file mode 100644
index 0000000000..eda1bf9704
--- /dev/null
+++ b/posix/tst-fnmatch7.c
@@ -0,0 +1,37 @@
+/* Test for fnmatch handling of unterminated bracket expression (bug 28792)
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <fnmatch.h>
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+ /* An unterminated bracket expression should be rescanned, treating the
+ open bracket as a normal character. The backslash causes the close
+ bracket to be treated as a normal character, not ending the bracket
+ expression. */
+ TEST_VERIFY (fnmatch ("[", "[", 0) == 0);
+ TEST_VERIFY (fnmatch ("[[", "[[", 0) == 0);
+ TEST_VERIFY (fnmatch ("[\\]", "[]", 0) == 0);
+ TEST_VERIFY (fnmatch ("[[\\]", "[[]", 0) == 0);
+
+ return 0;
+}
+
+#include <support/test-driver.c>