Ticket #7482 (new bug)

Opened 14 months ago

Last modified 14 months ago

pcre security issues

Reported by: javelin
Owned by: raevnos
Priority: major
Milestone: 1.8.3p6
Keywords:
Cc:
Visibility: Private

Description

http://www.frsirt.com/english/advisories/2007/3725

pcre 6.x is likely vulnerable to malformed regexes allowing people to execute arbitrary code. Penn should probably update its internal pcre and/or see if it's possible to just link against a system's pcre library so that chasing these kinds of security fixes becomes the OS's problem (which it already is) alone.

Change History

Changed 14 months ago by raevnos

  • owner changed from devteam to raevnos
  • type changed from incoming to bug
  • milestone set to 1.8.3p6

I think it is difficult to the point of impossibility to get a string that ends up being valid binary opcodes through the isprint() checks (but not completely impossible; I've seen an example using utf-8, just not latin-1). Still a good idea.

Checked in a test for a system libpcre. Using it, size of the netmud binary is ~100K smaller.

Still to do: Update the bundled pcre.
