[src/netbsd-1-4]: src/libexec/ftpd Pull up revision 1.24 (requested by christ...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/6a2fe7e60351
branches:  netbsd-1-4
changeset: 471279:6a2fe7e60351
user:      he <he%NetBSD.org@localhost>
date:      Sun Apr 01 16:08:21 2001 +0000

description:
Pull up revision 1.24 (requested by christos):
  Fixes buffer overflow problems in glob(3).  Adds and uses GLOB_LIMIT
  to prevent denial of service attacks.

diffstat:

 libexec/ftpd/popen.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 49ee3659dc62 -r 6a2fe7e60351 libexec/ftpd/popen.c
--- a/libexec/ftpd/popen.c      Sun Apr 01 16:08:06 2001 +0000
+++ b/libexec/ftpd/popen.c      Sun Apr 01 16:08:21 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: popen.c,v 1.13 1999/02/24 16:45:13 explorer Exp $      */
+/*     $NetBSD: popen.c,v 1.13.2.1 2001/04/01 16:08:21 he Exp $        */
 
 /*
  * Copyright (c) 1988, 1993, 1994
@@ -42,7 +42,7 @@
 #if 0
 static char sccsid[] = "@(#)popen.c    8.3 (Berkeley) 4/6/94";
 #else
-__RCSID("$NetBSD: popen.c,v 1.13 1999/02/24 16:45:13 explorer Exp $");
+__RCSID("$NetBSD: popen.c,v 1.13.2.1 2001/04/01 16:08:21 he Exp $");
 #endif
 #endif /* not lint */
 
@@ -131,7 +131,7 @@
        gargv[0] = argv[0];
        for (gargc = argc = 1; argv[argc]; argc++) {
                glob_t gl;
-               int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
+               int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT;
 
                memset(&gl, 0, sizeof(gl));
                if (glob(argv[argc], flags, NULL, &gl)) {