|
Message-ID: <20170617162423.7xrekndbw25zpzeh@jwilk.net> Date: Sat, 17 Jun 2017 18:24:23 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: two vulns in uClibc-0.9.33.2 * Simon McVittie <smcv@...ian.org>, 2017-06-17, 13:27: >The two standardized POSIX dialects implemented by Unix C libraries (basic >regexes as used in grep and sed, and extended regexes as used in grep -E and >sed -E) aren't fully compatible with the Perl syntax: for example \s matches >the letter s in BREs or EREs, Actually POSIX says outside a bracket expression, \s is undefined. (But in the GNU libc regcomp() implementation, it matches a whitespace character.) Inside a bracket expression \s is meant literally, i.e. it matches either a backslash or a letter "s". >but matches any whitespace character in the Perl-derived dialects. This makes >the POSIX regex functions not particularly useful for implementors of a >JavaScript runtime. Right. -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.