curl_fnmatch: only allow two asterisks for matching #2587

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant
@bagder
Member

bagder commented May 18, 2018

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.

curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.

@bagder bagder closed this in 404c885 May 18, 2018

@bagder bagder deleted the bagder/fnmatch-limit-wildcard branch May 18, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment