oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Heap Overflow in PCRE

From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 3 Dec 2015 13:19:22 +0100
3. The pattern in question for CVE-2015-3210, i.e., the /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/ pattern, doesn't have any instances of something like \1 or \g that are commonly used for a back reference.
(?P=foo) is the Python syntax for backreference, which is supported by PCRE: http://pcre.org/current/doc/html/pcre2syntax.html#SEC20 

--
Jakub Wilk
Previous By Date Next
Previous By Thread Next

Current thread: