Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:43822 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 92565 invoked from network); 1 May 2009 01:00:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 May 2009 01:00:57 -0000 Authentication-Results: pb1.pair.com smtp.mail=php_lists@realplain.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=php_lists@realplain.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain realplain.com from 209.151.69.1 cause and error) X-PHP-List-Original-Sender: php_lists@realplain.com X-Host-Fingerprint: 209.151.69.1 liberty.vosn.net Linux 2.4/2.6 Received: from [209.151.69.1] ([209.151.69.1:57283] helo=liberty.vosn.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 08/5A-32602-9C94AF94 for ; Thu, 30 Apr 2009 21:00:57 -0400 Received: from 72-161-141-80.dyn.centurytel.net ([72.161.141.80]:56278 helo=pc1) by liberty.vosn.net with smtp (Exim 4.69) (envelope-from ) id 1Lzh7V-0006Rn-T4; Thu, 30 Apr 2009 19:00:54 -0600 Message-ID: To: , "Nuno Lopes" , "Lukas Kahwe Smith" Cc: "Dmitry Stogov" , References: <6604D94D40FD465F992144110B075BB5@pc1> <9D5D4CBF-5CB1-47EC-81F4-59E3C48EEEEF@pooteeweet.org> Date: Thu, 30 Apr 2009 20:00:51 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - liberty.vosn.net X-AntiAbuse: Original Domain - lists.php.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - realplain.com Subject: Re: [PHP-DEV] [PATCH] Scanner "diet" with fixes, etc. From: php_lists@realplain.com ("Matt Wilmas") Hi guys, ----- Original Message ----- From: "Nuno Lopes" Sent: Thursday, April 30, 2009 >>> The patch looks generally ok. However I'll need a few more days to >>> review it carefully and throughly. (you can merge it in the meantime if >>> you want). >>> I'm just slighty concern with the amount of parsing we are now doing by >>> hand, and with the possible (local) security bugs we might be >>> introducing.. >> >> >> Am I understanding this properly, that this addresses the re2c EOF bug? >> So we have an RC planned for next week (freeze Monday evening). Can you >> get this fixed and released by then as Marcus is unable to do this >> himself? > > So this addresses some of the re2c EOF problems, but I don't know if it > addresses all of them or not. I haven't had the time yet for a full > review. > Anyway, Matt can surelly comment on this. Yes, it addresses the re2c EOF issues for strings and comments, as they were the problem ones that allowed NULL bytes, and scanned past the EOF NULL. As I said to Dmitry, I'm not sure if it's now possible to remove the temporary mmap() fixes that he wanted removed before the next RC (??), or if there would still be problems with re2c scanning other tokens, even though they can't contain NULLs. I didn't attempt to make any changes there, since I'm not familiar with what's been done. I just wanted to finally send the patch for others to review, and decide what to do, so I won't commit any changes yet in the meantime. :-) > Nuno - Matt