Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [netbsd-5-0] src

Module Name:    src
Committed By:   riz
Date:           Mon Jul 19 18:15:18 UTC 2010

Modified Files:
        src/crypto/dist/ssh [netbsd-5-0]: sftp-glob.c sftp.c
        src/lib/libc/gen [netbsd-5-0]: glob.3 glob.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1430):
        lib/libc/gen/glob.c: revision 1.25
        lib/libc/gen/glob.c: revision 1.26
        lib/libc/gen/glob.3: revision 1.37
        crypto/dist/ssh/sftp.c: patch
        crypto/dist/ssh/sftp-glob.c: patch
Add GLOB_LIMIT to the glob calls to prevent DoS attacks.
Apply more limits to GLOB_LIMIT, number of stat(2) calls from me and number
of readdir(3) calls from Maksymilian Arciemowicz. Also reduce the memory
used by matches strings from Maksymilian Arciemowicz.
Avoid DoS attacks for patterns that have braces. Noted by Maksymilian
XXX: Pullup to 5.x

To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.28.1 src/crypto/dist/ssh/sftp-glob.c
cvs rdiff -u -r1.23 -r1.23.12.1 src/crypto/dist/ssh/sftp.c
cvs rdiff -u -r1.32 -r1.32.14.1 src/lib/libc/gen/glob.3
cvs rdiff -u -r1.23 -r1.23.10.1 src/lib/libc/gen/glob.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index