Skip to content
Unverified Commit 404c8850 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

curl_fnmatch: only allow two asterisks for matching

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369

Closes #2587
parent 27aebcc1
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment