develooper Front page | perl.perl5.porters | Postings from October 2012

Re: Security Issues in perl-5.16.x

Thread Previous | Thread Next
October 2, 2012 16:28
Re: Security Issues in perl-5.16.x
Message ID:
On 3 October 2012 01:10, Chip Salzenberg <> wrote:
> On Mon, Oct 1, 2012 at 11:56 PM, Aristotle Pagaltzis <> wrote:
>> * Chip Salzenberg <> [2012-10-02 07:05]:
>>> If you meant only to restrict only strings handed to require and do
>>> FILE, I would not fork Perl for that. Of course I would still hold
>>> you in derision for demanding it, given its utter uselessness; and
>>> I would enthusiastically mock anyone who decided to go along with you.
>>> But I wouldn't fork Perl.
>> Just because? Or do you have any use for that?
> I do have a use.  For the first example off the top of my head, I've
> made some spam-fighting software that uses packed IPv4 addresses as
> hash keys.  Those have NULs in them for sure.
> I truly can't believe this is a question.  Strings can have NULs in
> them.  Hash keys are strings...

I personally have not read any of this discussion as suggesting that
hash keys in general should not be allowed to contain nulls. To me
that is so obviously ridiculous that I think we can assume that no-one
is suggesting it.

The interpretation I have is that people think we should not end up
with package names that contain nulls, which seems to me to be a much
more reasonable request.


perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About