Hi Paul,
> I agree that applications should set reasonable memory limits, but
> this is still a bug in glob, because glob should not return duplicates.
> For example, the pattern {.,.} should match just ".", not two instances
> of "." as it does now.
POSIX describes glob() in a way that precludes returning duplicates.
But the braces are a GNU extension, and the doc
<http://www.gnu.org/software/libc/manual/html_mono/libc.html>
is pretty clear that {..,..} _will_ generate duplicates.
> Filtering out duplicates would not fix all possible denial-of-service
> attacks, but it will help
It does not help much. The expansion size is still exponential in the input
size:
$ mkdir a b c d e f g h i j
$ echo * | wc
1 10 20
$ echo */../* | wc
1 100 700
$ echo */../*/../* | wc
1 1000 12000
$ echo */../*/../*/../* | wc
1 10000 170000
$ echo */../*/../*/../*/../* | wc
1 100000 2200000
And even if "../" is disallowed, expanding */*/*/*/*/*/* on a large ftp
server will also generate thousands of file names.
Bruno
