This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v6] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
On Jun 12 2018, Andreas Schwab <schwab@suse.de> wrote:
> On Jun 12 2018, Carlos O'Donell <carlos@redhat.com> wrote:
>
>> + /* Check for matching name, following closing curly brace (if
>> + required), or trailing characters which are part of an
>> + identifier. */
>> + size_t rlen = strlen (ref);
>> + if (strncmp (input, ref, rlen) != 0
>> + || (is_curly && input[rlen] != '}')
>> + || ((input[rlen] >= 'A' && input[rlen] <= 'Z')
>> + || (input[rlen] >= 'a' && input[rlen] <= 'z')
>> + || (input[rlen] >= '0' && input[rlen] <= '9')
>> + || (input[rlen] == '_')))
>
> That will always reject ${FOO}. If is_curly is true, the other checks
> must not be performed.
Sorry, this is of course rubbish. This is ok.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
- References:
- [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH v4] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH v4] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- [PATCH v6] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH v6] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).