Module Name: src Committed By: christos Date: Tue Jul 6 15:09:42 UTC 2010
Modified Files: src/crypto/external/bsd/openssh/dist: sftp-glob.c sftp.c Log Message: Add GLOB_LIMIT to the glob calls to prevent DoS attacks. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/sftp-glob.c \ src/crypto/external/bsd/openssh/dist/sftp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/sftp-glob.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.2 src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.3
--- src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.2 Sun Jun 7 18:38:47 2009
+++ src/crypto/external/bsd/openssh/dist/sftp-glob.c Tue Jul 6 11:09:41 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sftp-glob.c,v 1.2 2009/06/07 22:38:47 christos Exp $ */
+/* $NetBSD: sftp-glob.c,v 1.3 2010/07/06 15:09:41 christos Exp $ */
 /* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: sftp-glob.c,v 1.2 2009/06/07 22:38:47 christos Exp $");
+__RCSID("$NetBSD: sftp-glob.c,v 1.3 2010/07/06 15:09:41 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -121,5 +121,5 @@
 memset(&cur, 0, sizeof(cur));
 cur.conn = conn;
- return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
+ return(glob(pattern, flags|GLOB_ALTDIRFUNC|GLOB_LIMIT, errfunc, pglob));
 }
Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.2 src/crypto/external/bsd/openssh/dist/sftp.c:1.3
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.2 Sun Jun 7 18:38:47 2009
+++ src/crypto/external/bsd/openssh/dist/sftp.c Tue Jul 6 11:09:41 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: sftp.c,v 1.2 2009/06/07 22:38:47 christos Exp $ */
+/* $NetBSD: sftp.c,v 1.3 2010/07/06 15:09:41 christos Exp $ */
 /* $OpenBSD: sftp.c,v 1.107 2009/02/02 11:15:14 dtucker Exp $ */
 /*
 * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: sftp.c,v 1.2 2009/06/07 22:38:47 christos Exp $");
+__RCSID("$NetBSD: sftp.c,v 1.3 2010/07/06 15:09:41 christos Exp $");
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/wait.h>
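Review bot: In the last sftp-glob.c hunk (`@@ -121,5 +121,5 @@`), `GLOB_LIMIT` is now forced on every call through this wrapper, but nothing in the code says why, and the file sits under an imported `dist/` tree where an unexplained local change is easy to lose on the next import. I would add a comment above the return such as `/* GLOB_LIMIT: the entries being matched apparently come from the peer (cur.conn), so bound the expansion */`. Hitting the limit presumably surfaces as a non-zero return (`GLOB_NOSPACE` in BSD glob(3), to be confirmed for this tree), so the callers, which are outside this hunk, should be checked to release `pglob` and report the failure rather than treat it as "no match". The function's opening lines are also outside the hunk.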
@@ -556,7 +556,7 @@
 memset(&g, 0, sizeof(g));
 debug3("Looking up %s", src);
- if (glob(src, GLOB_NOCHECK, NULL, &g)) {
+ if (glob(src, GLOB_NOCHECK|GLOB_LIMIT, NULL, &g)) {
 error("File \"%s\" not found.", src);
 err = -1;
 goto out;
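Review bot: The error branch after `glob(src, GLOB_NOCHECK|GLOB_LIMIT, NULL, &g)` still prints `File "%s" not found.` for every non-zero return, so a pattern that is refused because it hit the new limit would be reported to the user as a missing file. With `GLOB_NOCHECK` a pattern that matches nothing is handed back as-is, which makes a non-zero return here more likely a resource or limit failure than an absent file. Keeping the return value and reporting that case separately would make the new protection visible, e.g. `if (r == GLOB_NOSPACE) error("Too many matches for \"%s\".", src);` ahead of the existing message. The enclosing function starts and ends outside the hunk, so whether the `out:` path frees partial results left in `g` cannot be confirmed from here.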