Hi Seán,
you're absolutely right. That's the thing I missed; I wasn't aware of the
fact that indexOf deals with ASCII format chars.
The fix seems to be absolutely ok. In any case, a smart solution to safe
operation calls!
Sorry for the confusion.
Regards,
Chris
On Friday 24 February 2012 1
hold on,
the indexOf test will match with those ASCII format chars.
i.e.
"/.\56/.\56/.\56/etc/passwd".indexOf("..") returns 1.
Is the fix still ok then?
regards,
Sean
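
The point made in the message above, as an added example that is not part of the original thread or of the JDK change it discusses: javac converts the octal escape \56 to '.' at compile time, so an indexOf("..") test sees plain dots, while the same characters arriving at run time stay a literal backslash and digits. The class name, the helpers `containsDotDot` and `staysUnder`, and the base directory are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class ZoneIdCheckDemo {
    // Hypothetical check in the spirit of the thread: reject IDs containing "..".
    static boolean containsDotDot(String id) {
        return id.indexOf("..") >= 0;
    }

    // Stricter variant (assumption, not the JDK fix): treat the ID as relative
    // to a base directory and require the normalized result to stay inside it.
    static boolean staysUnder(Path base, String id) {
        Path root = base.toAbsolutePath().normalize();
        String relative = id.replaceFirst("^/+", ""); // drop leading slashes
        Path resolved = root.resolve(relative).normalize();
        return resolved.startsWith(root);
    }

    public static void main(String[] args) {
        // Octal 56 is 0x2E ('.'); the compiler has already replaced the escape,
        // so this literal and "/../../../etc/passwd" are the same String.
        String literal = "/.\56/.\56/.\56/etc/passwd";

        // Constructed sample: the same characters as run-time data (for example
        // read from a file). The backslash is ordinary data; no escape
        // processing happens after compilation.
        String runtime = "/.\\56/.\\56/.\\56/etc/passwd";

        Path base = Paths.get("/usr/lib/jvm/lib/zi"); // placeholder directory
        String[] ids = { literal, runtime, "Europe/Dublin" };
        for (String id : ids) {
            System.out.printf("%-32s indexOf=%2d rejected=%-5b staysUnder=%b%n",
                    id, id.indexOf(".."), containsDotDot(id), staysUnder(base, id));
        }
    }
}
```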
On 24/02/12 14:09, Seán Coffey wrote:
thanks for raising this point Chris.
we certainly don't want any windows for such an attack. I'll revisit this.
regards,
Sean.
On 24/02/12 13:31, Christopher Meyer wrote:
Hi,
please correct me if I'm wrong, but the Changeset 5052 in ZoneInfoFile could
maybe draw an unexpected SideChannel at System.err.
Please have a look at the following:
TimeZone tzExistent = TimeZone.getTimeZone("/.\56/.\56/.\56/etc/passwd");
will walk the following path:
java.util.TimeZone:
pu