diff options
Diffstat (limited to 'src/path/filepath/match.go')
-rw-r--r-- | src/path/filepath/match.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/path/filepath/match.go b/src/path/filepath/match.go index c77a26952a..55ed1d75ae 100644 --- a/src/path/filepath/match.go +++ b/src/path/filepath/match.go @@ -241,6 +241,16 @@ func getEsc(chunk string) (r rune, nchunk string, err error) { // The only possible returned error is ErrBadPattern, when pattern // is malformed. func Glob(pattern string) (matches []string, err error) { + return globWithLimit(pattern, 0) +} + +func globWithLimit(pattern string, depth int) (matches []string, err error) { + // This limit is used prevent stack exhaustion issues. See CVE-2022-30632. + const pathSeparatorsLimit = 10000 + if depth == pathSeparatorsLimit { + return nil, ErrBadPattern + } + // Check pattern is well-formed. if _, err := Match(pattern, ""); err != nil { return nil, err @@ -270,7 +280,7 @@ func Glob(pattern string) (matches []string, err error) { } var m []string - m, err = Glob(dir) + m, err = globWithLimit(dir, depth+1) if err != nil { return } |