[PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug 23259, CVE-2011-0536).

Andreas Schwab schwab@suse.de
Mon Jun 11 08:04:00 GMT 2018


On Jun 07 2018, Carlos O'Donell <carlos@redhat.com> wrote:

> Careful, is_dst () takes as input the start of a DST sequence,
> but that sequence is not validated yet.

You have already validated the prefix by comparing it with the string,
and you only have to check the next character.

> What if name was '$ORIGIN-' but str was '$ORIGIN'?

That would match of course, since `-' is not part of the DST (with the
relaxed rules).

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

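The boundary check discussed in this message, as an added example that is not glibc's code and not part of the original thread: once the prefix has compared equal to the token name, only the character that follows decides the match. The function names, the identifier-character rule for what counts as part of a DST, and the `${...}` handling are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: characters that can continue a DST name. */
static bool is_name_char(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
        || (c >= '0' && c <= '9') || c == '_';
}

/* Prefix comparison alone: "ORIGINAL" is wrongly taken for ORIGIN. */
size_t match_prefix_only(const char *input, const char *ref)
{
    size_t rlen = strlen(ref);
    return strncmp(input, ref, rlen) == 0 ? rlen : 0;
}

/* input points just past the '$'.  Returns the number of characters the
   token occupies, or 0 if input does not hold the token ref. */
size_t match_dst(const char *input, const char *ref)
{
    bool curly = (input[0] == '{');
    if (curly)
        ++input;

    size_t rlen = strlen(ref);
    /* strncmp stops at the first NUL, so a short input is not overread. */
    if (strncmp(input, ref, rlen) != 0)
        return 0;

    /* The prefix equals ref here, so only input[rlen] is left to check. */
    char next = input[rlen];
    if (curly)
        return next == '}' ? rlen + 2 : 0;
    return is_name_char(next) ? 0 : rlen;
}

int main(void)
{
    /* Constructed sample inputs (text following a '$'). */
    const char *samples[] = { "ORIGIN-", "ORIGIN/lib", "ORIGINAL", "{ORIGIN}/lib", "{ORIGIN-}" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s prefix-only=%zu boundary-checked=%zu\n", samples[i],
               match_prefix_only(samples[i], "ORIGIN"),
               match_dst(samples[i], "ORIGIN"));
    return 0;
}
```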