oss-sec mailing list archives

Re: Re: CVE Request: PHP

From: Joshua Rogers <oss () internot info>
Date: Sun, 25 Jan 2015 08:11:55 +1100

On 25/01/15 07:43, Joshua Rogers wrote:

"REG_EXTENDED", according to the regex(3) manual, is for "POSIX Extended
Regular Expression syntax"

which probably isn't that common.

Actually, I worked it out:

if you edit the isinsets function,

with this:

        register unsigned uc = (unsigned char)c;
        printf("ncols: %d\n", ncols);

        for (i = 0, col = g->setbits; i < ncols; i++, col += g->csetsize) {
        printf("inside isinsets2: %d\n", col[uc]); 
                if (col[uc] != 0)
                        return(1);
        }

you'll see  that 'isinsets' is false on a normal run of ereg(which is
extended POSIX regex by default)
and when running ereg, it'll printf 'ncols: 0' constantly.

I don't know how 'sets' are done in PHP ereg, however.


Thanks,
-- 
-- Joshua Rogers <https://internot.info/>

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE Request: PHP Joshua Rogers (Jan 08)
- Re: CVE Request: PHP Joshua Rogers (Jan 08)
- Re: CVE Request: PHP cve-assign (Jan 24)
  - Re: CVE Request: PHP Joshua Rogers (Jan 24)
    - Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)
    - Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)