Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 3 Dec 2015 13:19:22 +0100
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Cc: carnil@...ian.org, cve-assign@...re.org
Subject: Re: Re: Heap Overflow in PCRE

>3. The pattern in question for CVE-2015-3210, i.e., the 
>/^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/ pattern, 
>doesn't have any instances of something like \1 or \g that are commonly 
>used for a back reference.

(?P=foo) is the Python syntax for backreference, which is supported by 
PCRE: http://pcre.org/current/doc/html/pcre2syntax.html#SEC20

-- 
Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ