Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 17 Jun 2017 18:24:23 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: two vulns in uClibc-0.9.33.2

* Simon McVittie <smcv@...ian.org>, 2017-06-17, 13:27:
>The two standardized POSIX dialects implemented by Unix C libraries (basic 
>regexes as used in grep and sed, and extended regexes as used in grep -E and 
>sed -E) aren't fully compatible with the Perl syntax: for example \s matches 
>the letter s in BREs or EREs,

Actually POSIX says outside a bracket expression, \s is undefined. (But in the 
GNU libc regcomp() implementation, it matches a whitespace character.)

Inside a bracket expression \s is meant literally, i.e. it matches either a 
backslash or a letter "s". 

>but matches any whitespace character in the Perl-derived dialects. This makes 
>the POSIX regex functions not particularly useful for implementors of a 
>JavaScript runtime.

Right.

-- 
Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ