mirror of
https://git.libssh.org/projects/libssh.git
synced 2026-02-11 18:50:28 +09:00
6d74aa6138
The specially crafted patterns (from configuration files) could cause exhaustive search or timeouts. Previous attempts to fix this by limiting recursion to depth 16 avoided stack overflow, but not timeouts. This is due to the backtracking, which caused the exponential time complexity O(N^16) of existing algorithm. This is code comes from the same function from OpenSSH, where this code originates from, which is not having this issue (due to not limiting the number of recursion), but will also easily exhaust stack due to unbound recursion:05bcd0cadfThis is an attempt to simplify the algorithm by preventing the backtracking to previous wildcard, which should keep the same behavior for existing inputs while reducing the complexity to linear O(N*M). This fixes the long-term issue we had with fuzzing as well as recently reported security issue by Kang Yang. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Pavol Žáčik <pzacik@redhat.com> (cherry picked from commita411de5ce8)