Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <aOXE4XtoReSZvZja@raf.org>
Date: Wed, 8 Oct 2025 12:56:49 +1100
From: raf <musl@....org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] fnmatch: fix infinite loop when pattern is
 non-character byte

On Mon, Oct 06, 2025 at 09:40:36PM -0400, Rich Felker <dalias@...c.org> wrote:

> On Sat, Oct 04, 2025 at 10:54:13PM +1000, raf wrote:
> > Hi,
> > 
> > fnmatch() enters an infinite loop if the pattern is the non-character byte
> > '\xf8'. This patch fixes it by stepping over the invalid byte.
> 
> This does not sound like a correct fix. The UNMATCHABLE return from
> pat_next should produce an immediate FNM_NOMATCH return, not resume
> parsing in an invalid location.

There are 2 calls to pat_next where the UNMATCHABLE return value
results in the caller returning FNM_NOMATCH. These calls are in
fnmatch_internal().

There are 2 more calls to pat_next() in fnmatch_internal() and 1
more in fnmatch() where the caller doesn't check for UNMATCHABLE
and then return FNM_NOMATCH.

Attached is a patch that adds the 3 missing checks for UNMATCHABLE.

> For future submissions, could you also please include patch
> descriptions in the same email as the patch itself rather than
> degenerate 2-mail threads? That helps make it so we can reply to both
> the description/motivation and the actual code changes in a single
> reply mail without manually copy-pasting from multiple mails and
> picking a place to stitch it into the thread.

Sure. I was using git send-email. I won't do that anymore.

> Rich

cheers,
raf


View attachment "0001-fnmatch-fix-infinite-loop-when-pattern-is-non-charac.patch" of type "text/x-diff" (1595 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.