On Tue, Dec 06, 2011 at 12:48:26PM -0800, William A. Rowe Jr. wrote: > On 12/6/2011 4:36 AM, Stefan Sperling wrote: > > @@ -207,6 +274,10 @@ APR_DECLARE(int) apr_fnmatch(const char *pattern, > > const char *mismatch = NULL; > > int matchlen = 0; > > > > + if (strnlen(pattern, APR_PATH_MAX) == APR_PATH_MAX || > > + strnlen(string, APR_PATH_MAX) == APR_PATH_MAX) > > + return (APR_FNM_NOMATCH); > > + > > I'm not certain if we can presume strnlen() without a feature > test? Also I'd benchmark this against comparing the offset to > a max offset in the code... numeric vs string pre-counting.
Fair enough. I'll look into that. Can the classmatch bits go in without this strnlen check in the meantime?
