Date: Thu, 3 Dec 2015 13:19:22 +0100 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Cc: carnil@...ian.org, cve-assign@...re.org Subject: Re: Re: Heap Overflow in PCRE >3. The pattern in question for CVE-2015-3210, i.e., the >/^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/ pattern, >doesn't have any instances of something like \1 or \g that are commonly >used for a back reference. (?P=foo) is the Python syntax for backreference, which is supported by PCRE: http://pcre.org/current/doc/html/pcre2syntax.html#SEC20 -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ