Re: 4.0a3 - Two Regular Expression Libraries? -- We need your input!
- Posted by CoJaBo Mar 16, 2009
jeremy said...
... Buffer overruns are huge. This past year, there have been three patches that I know of by the Debian group to stop a buffer overrun that causes the caller to be able to execute programs on the host computer. They are all very tricky. I'm not a hacker, so I do not understand it that well, but people have been able to execute a program on your computer through exploits in PCRE. For instance:
    -- includes added so the snippet runs as a stand-alone Euphoria 4.0 program
    -- (std/console.e provides prompt_string, std/regex.e provides the r: routines)
    include std/console.e
    include std/regex.e as r

    sequence name = prompt_string("Enter your name: ")
    r:regex validNameRx = r:new("[A-Z][a-z]+")
    if r:match(validNameRx, name) then
        puts(1, "You have a valid name!\n")
    end if
That program above, people have been able to execute commands on your computer though. ...
^ That, I would like to see. I have seen exploits used as an example of why not to use PCRE several times, yet no one can show me an example of one of these 3 exploits. Where are they documented in detail?