[PATCH] ash: improve / fix glob expansion

Felix Fietkau nbd at nbd.name
Tue Jan 31 18:55:56 UTC 2017 

On 2017-01-31 19:42, Denys Vlasenko wrote:
> On Sun, Jan 29, 2017 at 2:14 PM, Felix Fietkau <nbd at nbd.name> wrote:
>> When using musl libc glob() a very long string can cause glob() to fail,
>> which leads to an out of memory error being raised by ash.
> 
> But it works with glibc glob(), right?
It works, but it's rather inefficient.

> So other programs will also be affected.
I'm not aware of other programs passing arbitrary strings to glob() that
usually aren't filenames but sometimes might be.

> Let's fix it in musl (at least there;
I don't think musl needs to be fixed. You should never pass a string
longer than PATH_MAX to glob() anyway, since it's not possible to get a
valid result from that.

> your patch does make sense
> to use anyways since it prevents
> 
>     echo "*************"
> 
> from being needlessly passed to glob(), right?
Correct. I reproduced this bug with some shell code that was dealing
with long json strings that contain []. Passing those to glob()
definitely makes the code slower.

> commit 0dc99ac413d8bc054a2e95578475c7122455eee8
> Author: Rich Felker <dalias at aerifal.cx>
> Date:   Sun Jun 5 19:29:52 2011 -0400
> 
>     safety fix for glob's vla usage: disallow patterns longer than PATH_MAX
> 
>     this actually inadvertently disallows some valid patterns with
>     redundant / or * characters, but it's better than allowing unbounded
>     vla allocation.
> 
>     eventually i'll write code to move the pattern to the stack and
>     eliminate redundancy to ensure that it fits in PATH_MAX at the
>     beginning of glob. this would also allow it to be modified in place
>     for passing to fnmatch rather than copied at each level of recursion.
> 
> diff --git a/src/regex/glob.c b/src/regex/glob.c
> index 9a70f0b..67f84bc 100644
> --- a/src/regex/glob.c
> +++ b/src/regex/glob.c
> @@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int
> (*errfunc)(const char *path, int err),
>                 d = "";
>         }
> 
> +       if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
> 
> 
> This sounds like musl having an implementation difficulty.
I'd say this is a reasonable restriction to simplify the implementation.

- Felix

More information about the busybox mailing list