New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl_fnmatch: only allow two asterisks for matching #2587

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
1 participant
@bagder
Member

bagder commented May 18, 2018

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.

curl_fnmatch: only allow two asterisks for matching
The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.

@bagder bagder closed this in 404c885 May 18, 2018

@bagder bagder deleted the bagder/fnmatch-limit-wildcard branch May 18, 2018

@lock lock bot locked as resolved and limited conversation to collaborators Aug 16, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.