Great Circle Associates Majordomo-Workers
(August 1997)
 


Subject: Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Russ Allbery <rra @ stanford . edu>
Date: 26 Aug 1997 08:52:55 -0700
To: majordomo-workers @ greatcircle . com
In-reply-to: Brian Behlendorf's message of Mon, 25 Aug 1997 13:01:33 -0700
References: <3.0.3.32.19970825130133.00850890@localhost>

Brian Behlendorf <brian@organic.com> writes:

>> foreach $i (@array) {
>>   $command = "(q~$reply_addr~ =~ $i)";
>>   $result = 1, last if (eval $command);
>> }

Why isn't this just:

        foreach $i (@array) {
            ($regex) = ($i =~ m%^/(.*)/$%);
            $result = 1, last if ($reply_addr =~ /$regex/);
        }

and skip the need for the eval in the first place?  eval is evil and
should be avoided where possible.  This will cause majordomo to blow major
chunks if the provided regex is invalid, but that's at least semi-trusted
data.

Under Perl 5, you could just use:

        eval { $result = 1, last if ($reply_addr =~ /$regex/) };

using the error catching form of eval (which is totally different than a
string eval) and then check $@, but I'm not sure if this works under Perl
4.

-- 
Russ Allbery (rra@stanford.edu)         <URL:http://www.eyrie.org/~eagle/>
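
The approach suggested in the message above, written out as an added example (not part of the original post or of Majordomo's code): the address is only ever matched as data, and a block eval traps an invalid pattern instead of letting it abort the run. The `addr_matches` helper and the sample patterns and addresses are constructed for illustration, and Perl 5 is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from Majordomo): returns (matched, @errors).
# Each pattern is a string in the "/regex/" form used by the loops above.
sub addr_matches {
    my ($reply_addr, @patterns) = @_;
    my @errors;
    for my $entry (@patterns) {
        # Strip the surrounding slashes; report entries not in /regex/ form.
        my ($regex) = ($entry =~ m{^/(.*)/$});
        unless (defined $regex) {
            push @errors, "not in /regex/ form: $entry";
            next;
        }
        # Block eval only traps the die from an invalid regex. Nothing
        # taken from $reply_addr is ever compiled as Perl code.
        my $hit = eval { $reply_addr =~ /$regex/ ? 1 : 0 };
        if (!defined $hit) {
            chomp(my $err = $@);
            push @errors, "invalid regex $entry: $err";
            next;
        }
        return (1, @errors) if $hit;
    }
    return (0, @errors);
}

# Constructed sample data: a pattern list with two broken entries, and
# addresses including one with the "~" that the q~...~ quoting relied on.
my @patterns = ('/^owner-/', '/(unclosed/', 'no-slashes', '/\@example\.org$/');
for my $addr ('user@example.org', 'a~b@example.net') {
    my ($ok, @errs) = addr_matches($addr, @patterns);
    print "$addr: ", ($ok ? "match" : "no match"), "\n";
    print "  warning: $_\n" for @errs;
}
```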

