[illumos-Developer] Webrev for bug 323: Need fix for glob() resource exhaustion

[Gary Mills]

On Tue, Jun 07, 2011 at 10:52:47AM -0500, Andrew M. Hettinger wrote:
> 
>    Gary Mills <mills at cc.umanitoba.ca> wrote on 06/07/2011 10:41:07 AM:
>    >
>    > On Tue, Jun 07, 2011 at 05:45:31AM -0700, Garrett D'Amore wrote:
>    > > Ick. Of these, only ftpd and sshd really that interesting...
>    >
>    > I've been reading the usr/src/cmd/ssh source. Globbing is only used
>    > in the `sftp' client, making this not a security issue. I'm still
>    > developing a fix but only to keep the source up to date.
>    >
>    Is all of this globbing code essentially 10 different implementations
>    of the same thing?
>    Can't we eliminate most of them?
>    Then we would have one implementation to worry about, only one point
>    in the code for bug fixes and improvements (not that I'm overly
>    expecting many feature improvements in the globbing code).

I took a quick look at the Solaris and Openbsd versions of glob.h.
Both do have the same prototype, but that's where the usage similarity
ends.  The flags, the flag values, and the `glob_t' structure are all
different.  They are incompatible at both the source and binary
levels.  `ssh' seems only to be portable because it carrys along a
boatload of openbsd library functions.

I do recommend that the Solaris FTP server be replaced with something
more modern.

-- 
-Gary Mills-        -Unix Group-        -Computer and Network Services-