* Kjetil Kjernsmo:

> If I have a PerlRun script, e.g., http://localhost/test/script, and
> call it using a URL with special symbols like '(' in path_info,
> PerlRun fails with server error. For example, calling
> http://localhost/test/script/(
> produces this error:
>
> [Thu Mar 22 10:24:57 2007] [error] Unmatched ( in regex; marked by <--
> HERE in m//( <-- HERE $/ at
> /usr/local/lib/perl5/site_perl/5.8.8/mach/Apache/PerlRun.pm line 171.
>
> So, in most cases, it is an Internal Server Error, which, AFAIK does not
> kill the process, and will only affect the requesting client.

On the other hand, computing and matching regular expressions can be fairly expensive (exponential complexity and things like that). Usually, such bugs are hard to exploit unless you control both regexp and matched string. For instance, CGI.pm suffered from essentially the same bug, and it was considered not exploitable.
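
As the quoted error shows, the request's path_info ends up inside the pattern that is compiled. The following is an added example, not Apache::PerlRun's code and not from this thread; the helper names and sample URIs are constructed. It contrasts unquoted interpolation with `\Q...\E` and with a suffix comparison that uses no regex at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers; names and sample URIs are constructed for illustration.

# Unquoted interpolation: path_info is compiled as part of the pattern.
sub strip_unquoted {
    my ($uri, $path_info) = @_;
    my $ok = eval { $uri =~ s/$path_info$//; 1 };
    return $ok ? $uri : "ERROR: " . (split /\n/, $@)[0];
}

# \Q...\E (quotemeta) makes every character of path_info match literally.
sub strip_quoted {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# No regex: compare the tail of the URI with path_info and cut it off.
sub strip_substr {
    my ($uri, $path_info) = @_;
    my $len = length($path_info);
    return $uri unless $len && $len <= length($uri);
    return $uri unless substr($uri, -$len) eq $path_info;
    return substr($uri, 0, length($uri) - $len);
}

for my $case (
    [ '/test/script/(',   '/('   ],   # the request from the report: pattern fails to compile
    [ '/test/script/a.b', '/a.b' ],   # unquoted works by accident: '.' matches any character
    [ '/test/script/x+y', '/x+y' ],   # unquoted compiles but does not match its own text
) {
    my ($uri, $pi) = @$case;
    print "uri=$uri path_info=$pi\n";
    print "  unquoted: ", strip_unquoted($uri, $pi), "\n";
    print "  quoted:   ", strip_quoted($uri, $pi),   "\n";
    print "  substr:   ", strip_substr($uri, $pi),   "\n";
}
```

The quoted and substr variants return `/test/script` for all three inputs; the unquoted variant reports a compile error for the first and leaves the third URI unchanged.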