Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150321021018.GH16260@port70.net>
Date: Sat, 21 Mar 2015 03:10:18 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: Rich Felker <dalias@...c.org>
Cc: Konstantin Serebryany <konstantin.s.serebryany@...il.com>,
	musl@...ts.openwall.com
Subject: Re: buffer overflow in regcomp and a way to find more of those

* Rich Felker <dalias@...c.org> [2015-03-20 21:30:16 -0400]:
> > > int main() {
> > >   regex_t preg;
> > >   const char *s = ".****\\Z$<\\0)_";
> 
> Isn't the \0 an invalid backreference? Could it be getting processed
> in a way that's causing the slowdown, but simply rejected by glibc?

ah you were right the \0 causes the slow down here:
it switches to the backtracking mode and there are
many ways to backtrack on .****

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.