Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 17 Jun 2017 18:24:23 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: two vulns in uClibc-0.9.33.2

* Simon McVittie <smcv@...ian.org>, 2017-06-17, 13:27:
>The two standardized POSIX dialects implemented by Unix C libraries (basic 
>regexes as used in grep and sed, and extended regexes as used in grep -E and 
>sed -E) aren't fully compatible with the Perl syntax: for example \s matches 
>the letter s in BREs or EREs,

Actually POSIX says outside a bracket expression, \s is undefined. (But in the 
GNU libc regcomp() implementation, it matches a whitespace character.)

Inside a bracket expression \s is meant literally, i.e. it matches either a 
backslash or a letter "s". 

>but matches any whitespace character in the Perl-derived dialects. This makes 
>the POSIX regex functions not particularly useful for implementors of a 
>JavaScript runtime.

Right.

-- 
Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.