| From | Sent On | Attachments |
|---|---|---|
| Mark-Jason Dominus | Apr 15, 1998 10:23 pm | |
| Ilya Zakharevich | Apr 15, 1998 11:34 pm | |
| Moore, Paul | Apr 16, 1998 2:16 am | |
| Moore, Paul | Apr 16, 1998 2:49 am | |
| Chaim Frenkel | Apr 16, 1998 6:50 am | |
| Mark-Jason Dominus | Apr 16, 1998 7:20 am | |
| Ilya Zakharevich | Apr 16, 1998 9:53 am | |
| Ilya Zakharevich | Apr 16, 1998 10:08 am | |
| Larry Wall | Apr 16, 1998 10:41 am | |
| Chaim Frenkel | Apr 16, 1998 11:03 am | |
| Ton Hospel | Apr 16, 1998 3:18 pm | |
| kst...@chapin.edu | Apr 16, 1998 4:41 pm | |
| Peter Prymmer | Apr 16, 1998 4:55 pm | |
| Ton Hospel | Apr 17, 1998 1:39 pm | |
| Ton Hospel | Apr 17, 1998 2:20 pm | |

| Subject: | Re: Pattern matching in SNOBOL4 (long, digression) | |
|---|---|---|
| From: | Ton Hospel (thos...@mail.dma.be) | |
| Date: | Apr 17, 1998 2:20:50 pm | |
| List: | org.perl.perl5-porters | |

Ok, you convinced me. I always thought the eval I put around these constructs took care of evil user input, but reading your post and checking teaches me that bad expressions are indeed fatal. So I'll just stop using that particular construct :-)

Which leads me to: why are they fatal? (More out of curiosity, making them not fatal would indeed solve ?e, since Ilya wants to make them taint checked, but it wouldn't solve the easily written out of memory regex.)

Sorry for following up to myself here. My quick test was wrong, eval DOES of course catch bad regexes (I really had to rerun my quick test since it was so contrary to my understanding of perl).

The "out of memory" regex argument still convinces me that I shouldn't let users provide regexes.

So for my programs, I don't mind (?e...), but I can imagine there are people out there that don't have an eval wrapped around it, and instead of crashing their programs evil users can now execute arbitrary code, so an x modifier might still be a good idea before allowing (?e..).





