Remove hard glob limit since the CVE introducing this one is unrelated.

This commit is contained in:
Jakub Jelen 2016-02-02 08:33:10 +01:00
parent b2b837ad97
commit 700da17374
2 changed files with 0 additions and 29 deletions

View File

@ -1,26 +0,0 @@
diff -up openssh-5.8p1/sftp-glob.c.glob openssh-5.8p1/sftp-glob.c
--- openssh-5.8p1/sftp-glob.c.glob 2011-03-07 20:17:34.000000000 +0100
+++ openssh-5.8p1/sftp-glob.c 2011-03-07 20:18:47.000000000 +0100
@@ -145,5 +145,5 @@ remote_glob(struct sftp_conn *conn, cons
memset(&cur, 0, sizeof(cur));
cur.conn = conn;
- return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
+ return(glob(pattern, flags | GLOB_LIMIT | GLOB_ALTDIRFUNC, errfunc, pglob));
}
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 742b4b9..acae399 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -130,8 +130,8 @@ typedef char Char;
#define M_CLASS META(':')
#define ismeta(c) (((c)&M_QUOTE) != 0)
-#define GLOB_LIMIT_MALLOC 65536
-#define GLOB_LIMIT_STAT 128
+#define GLOB_LIMIT_MALLOC 65536*64
+#define GLOB_LIMIT_STAT 128*64
#define GLOB_LIMIT_READDIR 16384
/* Limit of recursion during matching attempts. */

View File

@ -131,8 +131,6 @@ Patch502: openssh-6.6p1-keycat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Patch601: openssh-6.6p1-allow-ip-opts.patch
#http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c.diff?r1=1.13&r2=1.13.12.1&f=h
Patch603: openssh-5.8p1-glob.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1893
Patch604: openssh-6.6p1-keyperm.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1925
@ -428,7 +426,6 @@ popd
%patch502 -p1 -b .keycat
%patch601 -p1 -b .ip-opts
%patch603 -p1 -b .glob
%patch604 -p1 -b .keyperm
%patch606 -p1 -b .ipv6man
%patch607 -p1 -b .sigpipe