Return-Path: X-Original-To: apmail-apr-dev-archive@www.apache.org Delivered-To: apmail-apr-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C07D392C7 for ; Tue, 6 Dec 2011 20:48:56 +0000 (UTC) Received: (qmail 17273 invoked by uid 500); 6 Dec 2011 20:48:56 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 17187 invoked by uid 500); 6 Dec 2011 20:48:56 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 17179 invoked by uid 99); 6 Dec 2011 20:48:56 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Dec 2011 20:48:56 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [173.201.192.109] (HELO p3plsmtpa06-08.prod.phx3.secureserver.net) (173.201.192.109) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 06 Dec 2011 20:48:48 +0000 Received: (qmail 32089 invoked from network); 6 Dec 2011 20:48:27 -0000 Received: from unknown (64.125.181.79) by p3plsmtpa06-08.prod.phx3.secureserver.net (173.201.192.109) with ESMTP; 06 Dec 2011 20:48:27 -0000 Message-ID: <4EDE7F9A.6080603@rowe-clan.net> Date: Tue, 06 Dec 2011 12:48:26 -0800 From: "William A. Rowe Jr." User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: dev@apr.apache.org Subject: Re: [PATCH] charclass matching and input check for fnmatch References: <20111206123630.GO22898@ted.stsp.name> In-Reply-To: <20111206123630.GO22898@ted.stsp.name> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 12/6/2011 4:36 AM, Stefan Sperling wrote: > @@ -207,6 +274,10 @@ APR_DECLARE(int) apr_fnmatch(const char *pattern, > const char *mismatch = NULL; > int matchlen = 0; > > + if (strnlen(pattern, APR_PATH_MAX) == APR_PATH_MAX || > + strnlen(string, APR_PATH_MAX) == APR_PATH_MAX) > + return (APR_FNM_NOMATCH); > + I'm not certain if we can presume strnlen() without a feature test? Also I'd benchmark this against comparing the offset to a max offset in the code... numeric vs string pre-counting.