Bugtraq mailing list archives
Re: Eudora executes (Java) URL
From: hightide () GINCH ORG (High Tide)
Date: Wed, 12 Aug 1998 10:29:08 -0500
Actually, I believe the RE that you are looking for is this:

    s/<\s*BODY\s+((([^">]+("(\\.|[^"])*")?)*)ONLOAD)*?\s*/<BODY $1 DEFANGED-ONLOAD/gi;

Actually, I believe this discussion should be taken off bugtraq unless someone knows how to fix the backtracking problem that I don't think even made it to the list. The problem is with the second (in the above expression) +, and the third *. What happens is as the regex is processing <BODY 123> it ends up trying to find a match with the following values for the [^">]+ :

    123
    12 3
    1 23
    1 2 3

I don't know if that makes any sense to you, but it's an exponential load result, 2^(n-1) where n = len($x). Try this regex on <BODY $x> for large values of len($x).

Sean Bastille
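The splitting behaviour described in the message above can be reproduced with a small model. This is an added Python example, not code from the thread; it assumes a reduced pattern `(?:[^">]+)*ONLOAD` (the nested `+` inside `*` with the quoted-string part dropped), and the function names are illustrative.

```python
STOP = '">'  # characters excluded by the class [^">]

def run_end(text, pos):
    """Index just past the longest run of [^">] characters starting at pos."""
    end = pos
    while end < len(text) and text[end] not in STOP:
        end += 1
    return end

def splits(text, pos=0):
    """Yield each way (?:[^">]+)* can carve up the run at pos, greedy first."""
    end = run_end(text, pos)
    if pos == end:
        yield []
        return
    for cut in range(end, pos, -1):          # longest piece first, then back off
        for rest in splits(text, cut):
            yield [text[pos:cut]] + rest

def tail_attempts(text, tail="ONLOAD"):
    """Model a backtracking matcher for (?:[^">]+)*tail anchored at text[0].

    Returns (matched, number of times `tail` was tested).
    """
    attempts = 0

    def after_group(pos):
        nonlocal attempts
        # Greedy: try one more [^">]+ iteration before testing the tail.
        for cut in range(run_end(text, pos), pos, -1):
            if after_group(cut):
                return True
        attempts += 1
        return text.startswith(tail, pos)

    return after_group(0), attempts

if __name__ == "__main__":
    # Constructed input: the attribute text from the message, then '>'.
    for pieces in splits("123>"):
        print(" ".join(pieces))
    for n in (4, 8, 12, 16):
        matched, tries = tail_attempts("1" * n + ">")
        print(f"n={n:2d} splits={2 ** (n - 1):6d} tail tests={tries:6d} matched={matched}")
```

Each extra character in the run doubles the work when `ONLOAD` is absent, which is why filter code that applies such a pattern to untrusted mail should bound the input length or avoid nesting `+` inside `*`.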