On 13 September 2016 at 20:28, Andy Lester <andy@petdance.com> wrote:
>
> On Sep 13, 2016, at 1:25 PM, demerphq <demerphq@gmail.com> wrote:
>
> > I did not search for other examples. I thought it might be best to
> > open a discussion before proceeding on any work.
>
> Not sure what there is to discuss really. Wrong is wrong. ☺️
>
>
> I took the comment to mean “For all I know, there may be other examples
> elsewhere in the codebase, and it might even be a security hole, but I
> haven’t investigated further, but someone probably should before we just
> patch this and call it done."
>

Ah, good catch.

Well, maybe there is a security hole here, I don't know. But there are
a lot of issues with the code as written. In several places it
accesses memory it can't know that we own. It looks to me like if you
called this function with a string which ended in exactly one colon
that we would continue reading until we hit a null or segfaulted. What
would /then/ happen is not clear.

Yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"
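
The failure mode described in the message above (a scanner that steps past a lone trailing colon and keeps reading until a NUL), shown as an added example that is not part of the thread and is not the Perl source under discussion. The function names, the `::` separator and the sample buffer are assumptions constructed for illustration; the "adjacent" bytes sit inside one array so the over-read is observable without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the logical string is the first 4 bytes, "Foo:".
 * The bytes after it stand in for memory the scanner does not own. */
static const char backing[] = "Foo:ADJACENT-DATA";
#define LOGICAL_LEN 4

/* Hypothetical buggy scanner: on ':' it assumes a second ':' follows and
 * skips two bytes. With a lone trailing ':' the cursor jumps past `end`,
 * so `s != end` never becomes true and only a NUL stops the loop. */
size_t scan_unchecked(const char *s, size_t len)
{
    const char *start = s, *end = s + len;
    while (s != end && *s != '\0') {
        if (*s == ':')
            s += 2;              /* no check that s + 1 is in bounds */
        else
            s++;
    }
    return (size_t)(s - start);  /* bytes walked over */
}

/* Bounded scanner: every read is checked against `end`, and a lone ':'
 * is treated as an ordinary byte. Never returns more than `len`. */
size_t scan_bounded(const char *s, size_t len, size_t *separators)
{
    const char *start = s, *end = s + len;
    *separators = 0;
    while (s < end) {
        if (*s == ':' && end - s >= 2 && s[1] == ':') {
            (*separators)++;
            s += 2;
        } else {
            s++;
        }
    }
    return (size_t)(s - start);
}

int main(void)
{
    size_t seps;
    printf("unchecked walked %zu of %d bytes\n",
           scan_unchecked(backing, LOGICAL_LEN), LOGICAL_LEN);
    printf("bounded walked %zu bytes\n",
           scan_bounded(backing, LOGICAL_LEN, &seps));
    return 0;
}
```
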