Date: Wed, 17 Oct 2012 11:44:35 +0200 From: Fabian Keil <freebsd-listen@...iankeil.de> To: oss-security@...ts.openwall.com Subject: Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor <dkg@...thhorseman.net> wrote: > On 10/16/2012 08:40 AM, Matthias Weckbecker wrote: > > Technically, this would also apply to Perl (at least with 5.12.3). > > It's also the case with perl 5.14.2 (just tested). :/ At least for Perl I consider this a feature. The NUL byte is a special character and allows trailing white space in the filename that is otherwise stripped. This is (more or less) documented in perlopentut(1). It also seems unlikely that someone adds NUL bytes to the white list of acceptable characters by accident, and if there is no white list in the first place, the Perl script probably has bigger issues. Fabian Download attachment "signature.asc" of type "application/pgp-signature" (197 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.