44 lines
1.6 KiB
Diff
44 lines
1.6 KiB
Diff
From f9a14b026c5c771a0bc89e204f96d7ca4d112db6 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Wed, 12 Jul 2023 21:47:56 +0200
|
|
Subject: [PATCH 4/6] Limit glob length to avoid stack overflow in glob(3)
|
|
|
|
Limit the supported length of glob pattern to 2048 to avoid stack
|
|
overflows inside glob(3) due to recursion.
|
|
|
|
Reported-by: blu3sh0rk
|
|
(cherry picked from commit 0271501ae37b1455b98abc00b9bb77096610462b)
|
|
---
|
|
config.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/config.c b/config.c
|
|
index 38ef0b0..b213b38 100644
|
|
--- a/config.c
|
|
+++ b/config.c
|
|
@@ -1787,6 +1787,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
|
|
newlog->numFiles = 0;
|
|
for (argNum = 0; argNum < argc; argNum++) {
|
|
char **tmp;
|
|
+ size_t argLen = strlen(argv[argNum]);
|
|
int rc;
|
|
glob_t globResult;
|
|
|
|
@@ -1795,6 +1796,13 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
|
|
globerr_msg = NULL;
|
|
}
|
|
|
|
+ if (argLen > 2048) {
|
|
+ message(MESS_ERROR, "%s:%d glob too long (%zu > 2048)\n",
|
|
+ configFile, lineNum, argLen);
|
|
+ logerror = 1;
|
|
+ continue;
|
|
+ }
|
|
+
|
|
rc = glob(argv[argNum], GLOB_NOCHECK
|
|
#ifdef GLOB_TILDE
|
|
| GLOB_TILDE
|
|
--
|
|
2.49.0
|
|
|