bin/116074: [libc] fnmatch() does not handle FNM_PERIOD correctly

[Rudolf Cejka]

>Number:         116074
>Category:       bin
>Synopsis:       [libc] fnmatch() does not handle FNM_PERIOD correctly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 04 09:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Rudolf Cejka
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
FIT, Brno University of Technology, Czech Republic
>Environment:
	FreeBSD 6.2-STABLE, Aug 20, 2007
>Description:

	The example in How-To-Repeat does incorrectly return
	"Match: Yes (should be No)". The problem in fnmatch() is that
	the implementation finds first "*" character after "a" match,
	and then recursively tries to call itself, but now with
	FNM_PERIOD disabled:

	...
	if (!fnmatch1(pattern, string,
	    flags & ~FNM_PERIOD, patmbs, strmbs))
	        return (0);
	...

	Tried patterns are
	fnmatch("b/*", "bbb/.x", ...)
	fnmatch("b/*", "bb/.x", ...)
	fnmatch("b/*", "b/.x", ...)
	where the third try is successfull, because the FNM_PERIOD
	is disabled. I tried to find a solution, but I'm afraid, that
	it is not so easy, because simply removing code disabling
	FNM_PERIOD could cause another problems (if there is a dot in
	asterisk matching pattern - maybe mangling stringstart inside
	recursive call with FNM_PERIOD allowed could do the job).

>How-To-Repeat:

	#include <stdio.h>
	#include <fnmatch.h>

	int main(void)
	{
	    int r = fnmatch("a*b/*", "abbb/.x", FNM_PATHNAME | FNM_PERIOD);
	    printf("Match: %s\n", (r == 0) ? "Yes (should be No)" : "No");
	    return 0;
	}

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: