develooper Front page | perl.perl5.porters | Postings from October 2003

proto-patch for -V:<regex> tests

Jim Cromie
October 17, 2003 09:48

attached patch has 2 new tests -

1st appears to show that the -V:<regex> construct is safe from abuses like

    -V:(?{system 'rm -rf /'})

the 2nd exhibits a regex parse problem I can't fathom.

ok 24 - regex protected against cmdline DOS
# /usr/local/bin/perl "-I../lib" '-V:abuse.*(?{print qq{Danger Will 
Sequence (?{...}) not terminated or not {}-balanced in regex; marked by <-- HERE in m/^abuse.*(?{ <-- HERE print=/ at ../lib/ line 1244.
Attempt to free unreferenced scalar.
not ok 25 - paranoid taint # TODO borked due to quoting errors, or something else ??
# Failed at t/run/ line 246
#      got ''
# expected /(?-xism:)/

I saw various regex Sequence tests, but they don't help me see why mine is failing.

ext/re/re_comp.c:            vFAIL("Sequence (?{...}) not terminated or not {}-balanc

the patch also contains a commented out test - for an embedding-friendly of -V:ccflags: that I sent some weeks ago (9/24). While Yitzchak liked it, Robin also offered a nearby patch, that AMS didn't like.

This patch debunks my notions of re-proposing that previous patch under the 'security' rubric.
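
Added example (not part of the original message or the attached patch): a stand-alone Perl script showing the interpreter behaviour that a result like test 24 depends on. Perl refuses to compile a `(?{...})` code block that arrives through a runtime-interpolated pattern unless `use re 'eval'` is in scope. The `grep_keys` helper, the `$ran` canary and the key list are hypothetical stand-ins, and the script assumes the caller's pattern is interpolated into a match the way a `-V:<regex>` argument would be.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Canary: the embedded code block would set this if it were ever executed.
our $ran = 0;

# Constructed sample data standing in for configuration keys.
my @keys = qw(cc ccflags abuse_me osname);

# Hypothetical helper: match keys against a pattern taken from the command
# line. The pattern is interpolated at run time, so Perl applies its
# "no eval-groups at runtime" rule when compiling it.
sub grep_keys {
    my ($pattern) = @_;
    my @hits = eval { grep { /^$pattern/ } @keys };
    return (\@hits, $@);
}

# One benign pattern and one carrying a code block. The block only flips
# the canary, which is enough to tell whether it ran.
for my $pattern ('cc.*', 'abuse.*(?{ $main::ran = 1 })') {
    $ran = 0;
    my ($hits, $err) = grep_keys($pattern);
    printf "pattern %-34s hits=[%s] ran=%d\n",
        "'$pattern'", join(',', @$hits), $ran;
    # Compilation of the second pattern dies before any matching happens.
    print "  refused: $err" if $err;
}

# Caveat: adding "use re 'eval';" in the scope of the match lifts this
# restriction, so code that matches caller-supplied patterns must never
# enable it.
```

The first pattern matches `cc` and `ccflags`; the second is rejected with an "Eval-group not allowed at runtime" error and the canary stays at 0.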

