close 470676 5.10.0-1
tag 470676 etch
thanks

On Thu, Mar 13, 2008 at 02:34:48PM +0200, Niko Tyni wrote:
> These both look like #466298: the stack blows because the regexp engine
> is recursive in the 5.8 series. From the 5.10.0 changelog:
>
> [ 27598] By: davem on 2006/03/24 23:05:11
> Log: make S_regmatch() iterative rather than recursive.
> Goodbye stack-bustng regexes!
> Branch: perl
> ! regexec.c
>
> Indeed, the examples given don't crash on 5.10.0, and growing RLIMIT_STACK
> (eg. 'ulimit -s unlimited') makes them go away on 5.8.8.

Core dumps confirm this, so I'm closing this at 5.10.0-1
(fixed-in-experimental until the release team says the word).

Joey Hess wrote:
> I've filed this bug at severity serious, as since the crash is based on
> the input data, it could potentially be used in a denial of service
> attack.

I don't really think this should be fixed for Etch, the change is too
invasive for that. Other opinions are of course welcome; CCing the
security team.

FWIW, the change is not going to be ported to the maint-5.8 branch
upstream (see http://rt.perl.org/rt3/Public/Bug/Display.html?id=40654)
and the bleadperl change doesn't apply cleanly against 5.8.8 (13 out of
47 hunks FAILED), so porting it would not be a trivial task.

The patch can be found for example at
http://www.nntp.perl.org/group/perl.perl5.changes/2006/03/msg15410.html

 regexec.c | 654 +++++++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 502 insertions(+), 152 deletions(-)

Cheers,
--
Niko Tyni [EMAIL PROTECTED]