Overview

File libapr1-apr_fnmatch_c-CVE-2011-1928.patch of Package libapr1

diff -ruN ../apr-1.3.3.orig/strings/apr_fnmatch.c ./strings/apr_fnmatch.c
--- ../apr-1.3.3.orig/strings/apr_fnmatch.c	2011-06-24 14:52:09.000000000 +0200
+++ ./strings/apr_fnmatch.c	2011-06-24 14:53:14.000000000 +0200
@@ -195,7 +195,10 @@
     const char *mismatch = NULL;
     int matchlen = 0;
 
-    while (*pattern)
+    if (*pattern == '*')
+        goto firstsegment;
+
+    while (*pattern && *string)
     {
         /* Match balanced slashes, starting a new segment pattern
          */
@@ -206,6 +209,7 @@
             ++string;
         }            
 
+firstsegment:
         /* At the beginning of each segment, validate leading period behavior.
          */
         if ((flags & APR_FNM_PERIOD) && (*string == '.'))
@@ -360,9 +364,9 @@
             return APR_FNM_NOMATCH;
     }
 
-    /* pattern is at EOS; if string is also, declare success
+    /* Where both pattern and string are at EOS, declare success
      */
-    if (!*string)
+    if (!*string && !*pattern)
         return 0;
 
     /* pattern didn't match to the end of string */
openSUSE Build Service is sponsored by
Places