| author | Jonathan Lemon <jlemon@FreeBSD.org> | 2001-03-16 19:18:10 +0000 |
|---|---|---|
| committer | Jonathan Lemon <jlemon@FreeBSD.org> | 2001-03-16 19:18:10 +0000 |
| commit | 419ad7f632672ed00bdb88fbcd4f054dba99c9ce (patch) | |
| tree | 96460b12e0a67edc24507c365d31f2ef8c8a418d /lib/libc | |
| parent | 82c5aaa3ac9e4a482e4604f0b7afb52b74f77dcc (diff) | |
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/gen/glob.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c
index 09dfd7a7cb54..5ed8be45f365 100644
--- a/lib/libc/gen/glob.c
+++ b/lib/libc/gen/glob.c
@@ -32,6 +32,8 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
+ *
+ * $FreeBSD$
 */
 #if defined(LIBC_SCCS) && !defined(lint)
@@ -78,6 +80,14 @@ static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
 #include "collate.h"
+/*
+ * XXX
+ * Arbitrarily limit the number of pathnames that glob may
+ * return, to prevent DoS attacks. This should probably be
+ * configurable by the user.
+ */
+#define MAX_GLOBENTRIES 16384
+
 #define DOLLAR '$'
 #define DOT '.'
 #define EOS '\0'
@@ -658,6 +668,9 @@ globextend(path, pglob)
 char *copy;
 const Char *p;
+ if (pglob->gl_pathc > MAX_GLOBENTRIES)
+ return (GLOB_ABEND);
+
 newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
 pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) : |
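Review bot: The comment above `MAX_GLOBENTRIES` gives the reason for the cap but not what a caller sees when it is reached, and the fixed value applies to every program that calls glob(), not only to those expanding untrusted patterns. I would add a line such as `* When the count is exceeded, globextend() returns GLOB_ABEND.` so the reader does not have to find the check further down the file. Since the comment already concedes the value should be configurable, the hard limit of 16384 should also be mentioned in the glob(3) manual page until that is done.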
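Review bot: The new guard in globextend() uses `>`, so the cap is enforced one entry late: with gl_pathc equal to MAX_GLOBENTRIES the function still goes on to grow the vector, and `if (pglob->gl_pathc >= MAX_GLOBENTRIES)` would match the limit the comment describes. Returning GLOB_ABEND makes hitting the resource limit indistinguishable, for callers, from a scan aborted after a directory read error; `return (GLOB_NOSPACE);` describes the condition more accurately. The guard bounds only gl_pathc, while the `newsize` expression just below also adds the caller-supplied gl_offs. It also limits the matches returned rather than the directory traversal a pattern can trigger, so it presumably reduces but does not remove the resource-exhaustion exposure. globextend()'s body starts before and continues after this hunk.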
