bug-gnulib

Re: glob resource exhaustion [CVE-2010-2632]


From: Paul Eggert
Subject: Re: glob resource exhaustion [CVE-2010-2632]
Date: Wed, 13 Oct 2010 15:49:27 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8

On 10/13/10 15:38, Bruno Haible wrote:
> But why should this be a bug in libc? There are many functions in libc that
> can allocate an arbitrary amount of memory.

I agree that applications should set reasonable memory limits, but
this is still a bug in glob, because glob should not return duplicates.
For example, the pattern {.,.} should match just ".", not two instances
of "." as it does now.  Just as the pattern x**y should not generate
multiple occurrences of "xfooy" merely because there are multiple ways
to match "xfooy", the pattern {.,.} should not generate multiple occurrences
of "." merely because there are multiple ways to match ".".

Filtering out duplicates would not fix all possible denial-of-service
attacks, but it will help, and it should be done anyway, because users
don't expect glob to return duplicates.
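
Added example, not part of the original message and not gnulib or glibc code: a caller-side filter that sorts and de-duplicates glob results, run on the `{.,.}` pattern discussed above. The helper names `dedup_paths` and `glob_unique` are hypothetical, and `GLOB_BRACE` is assumed to be available (it is a GNU/BSD extension).

```c
#define _GNU_SOURCE             /* GLOB_BRACE is a GNU/BSD extension */
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int cmp_path(const void *a, const void *b)
{
    return strcmp(*(char *const *)a, *(char *const *)b);
}

/* Sort v[0..n) and drop repeated strings in place; returns the new count.
   Only pointers move, so the strings stay owned by whoever allocated them. */
size_t dedup_paths(char **v, size_t n)
{
    size_t out = 0;
    if (n == 0)
        return 0;
    qsort(v, n, sizeof *v, cmp_path);
    for (size_t i = 1; i < n; i++)
        if (strcmp(v[out], v[i]) != 0)
            v[++out] = v[i];
    return out + 1;
}

/* Expand pattern with GLOB_BRACE. Stores the raw match count in *raw and
   returns the number of distinct paths, or -1 on error. */
long glob_unique(const char *pattern, size_t *raw)
{
    glob_t g;
    long uniq = -1;
    int rc = glob(pattern, GLOB_BRACE, NULL, &g);
    *raw = (rc == 0) ? g.gl_pathc : 0;
    if (rc == GLOB_NOMATCH) {
        uniq = 0;
    } else if (rc == 0) {
        /* Work on a copy of the pointer array so globfree() still sees
           every string exactly once. */
        char **v = malloc(g.gl_pathc * sizeof *v);
        if (v != NULL) {
            memcpy(v, g.gl_pathv, g.gl_pathc * sizeof *v);
            uniq = (long)dedup_paths(v, g.gl_pathc);
            free(v);
        }
    }
    globfree(&g);
    return uniq;
}

int main(void)
{
    size_t raw;
    long uniq = glob_unique("{.,.}", &raw);
    printf("raw=%zu unique=%ld\n", raw, uniq);
    return uniq < 0;
}
```

The filter runs only after glob has built its full result list, so it removes duplicate output but does not bound what glob itself allocates.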


