oss-sec mailing list archives
Re: CVE request: ruby file creation due in insertion of illegal NUL character
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Wed, 17 Oct 2012 11:44:35 +0200
Daniel Kahn Gillmor <dkg () fifthhorseman net> wrote:
On 10/16/2012 08:40 AM, Matthias Weckbecker wrote:Technically, this would also apply to Perl (at least with 5.12.3).It's also the case with perl 5.14.2 (just tested). :/
At least for Perl I consider this a feature. The NUL byte is a special character and allows trailing white space in the filename that is otherwise stripped. This is (more or less) documented in perlopentut(1). It also seems unlikely that someone adds NUL bytes to the white list of acceptable characters by accident, and if there is no white list in the first place, the Perl script probably has bigger issues. Fabian
Attachment:
signature.asc
Description:
Current thread:
- CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen (Oct 12)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura (Oct 15)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim (Oct 17)