On 12/7/2011 1:12 PM, Stefan Sperling wrote: > On Tue, Dec 06, 2011 at 12:48:26PM -0800, William A. Rowe Jr. wrote: >> On 12/6/2011 4:36 AM, Stefan Sperling wrote: >>> @@ -207,6 +274,10 @@ APR_DECLARE(int) apr_fnmatch(const char *pattern, >>> const char *mismatch = NULL; >>> int matchlen = 0; >>> >>> + if (strnlen(pattern, APR_PATH_MAX) == APR_PATH_MAX || >>> + strnlen(string, APR_PATH_MAX) == APR_PATH_MAX) >>> + return (APR_FNM_NOMATCH); >>> + >> >> I'm not certain if we can presume strnlen() without a feature >> test? Also I'd benchmark this against comparing the offset to >> a max offset in the code... numeric vs string pre-counting. > > Fair enough. I'll look into that. > > Can the classmatch bits go in without this strnlen check in the meantime?
As long as the appropriate change is made to NOTICE, I am +1, the license appears group-A fully compatible.
