Module Name:    src
Committed By:   christos
Date:           Tue Jul  6 15:09:42 UTC 2010

Modified Files:
        src/crypto/external/bsd/openssh/dist: sftp-glob.c sftp.c

Log Message:
Add GLOB_LIMIT to the glob calls to prevent DoS attacks.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/sftp-glob.c \
    src/crypto/external/bsd/openssh/dist/sftp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp-glob.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.2 src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.3
--- src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.2	Sun Jun  7 18:38:47 2009
+++ src/crypto/external/bsd/openssh/dist/sftp-glob.c	Tue Jul  6 11:09:41 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp-glob.c,v 1.2 2009/06/07 22:38:47 christos Exp $	*/
+/*	$NetBSD: sftp-glob.c,v 1.3 2010/07/06 15:09:41 christos Exp $	*/
 /* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp-glob.c,v 1.2 2009/06/07 22:38:47 christos Exp $");
+__RCSID("$NetBSD: sftp-glob.c,v 1.3 2010/07/06 15:09:41 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -121,5 +121,5 @@
 	memset(&cur, 0, sizeof(cur));
 	cur.conn = conn;
 
-	return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
+	return(glob(pattern, flags|GLOB_ALTDIRFUNC|GLOB_LIMIT, errfunc, pglob));
 }
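Review bot: The `glob()` call at the end of remote_glob gains GLOB_LIMIT with no comment saying why, and because this file sits under `dist/` a later upstream import could drop the flag without anyone noticing. A one-line comment above the return would record the intent, for example `/* GLOB_LIMIT: directory listings come from the remote side (cur.conn), so bound the expansion */`. With the limit in place the call can now fail when the bound is hit (on BSD glob this is normally reported as GLOB_NOSPACE), possibly leaving partial results in `pglob`. The callers are outside this hunk, so it is worth confirming that they treat that return as an error and still call `globfree()`.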
Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.2 src/crypto/external/bsd/openssh/dist/sftp.c:1.3
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.2	Sun Jun  7 18:38:47 2009
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Tue Jul  6 11:09:41 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp.c,v 1.2 2009/06/07 22:38:47 christos Exp $	*/
+/*	$NetBSD: sftp.c,v 1.3 2010/07/06 15:09:41 christos Exp $	*/
 /* $OpenBSD: sftp.c,v 1.107 2009/02/02 11:15:14 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp.c,v 1.2 2009/06/07 22:38:47 christos Exp $");
+__RCSID("$NetBSD: sftp.c,v 1.3 2010/07/06 15:09:41 christos Exp $");
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/wait.h>
@@ -556,7 +556,7 @@
 
 	memset(&g, 0, sizeof(g));
 	debug3("Looking up %s", src);
-	if (glob(src, GLOB_NOCHECK, NULL, &g)) {
+	if (glob(src, GLOB_NOCHECK|GLOB_LIMIT, NULL, &g)) {
 		error("File \"%s\" not found.", src);
 		err = -1;
 		goto out;
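Review bot: Now that GLOB_LIMIT is set, this `glob()` can return non-zero because the expansion limit was reached, yet the branch still prints `File "%s" not found.`, which hides a limit-triggered abort behind what looks like a typo. Keeping the return value and branching on it would make the two cases distinguishable in the client output: `r = glob(src, GLOB_NOCHECK|GLOB_LIMIT, NULL, &g);` followed by `if (r == GLOB_NOSPACE) error("Too many matches for \"%s\".", src); else if (r) error("File \"%s\" not found.", src);`. The enclosing function starts and ends outside the hunk, so I cannot see whether the `out:` label calls `globfree(&g)`; it should, since glob may have stored partial matches before failing.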
