Package: file
Version: 4.21-1
Hi,
although the CVE-2007-2026 patch avoids the DoS attack, it makes file
much slower when a UTF-8 locale is used. Below are the times to
identify a ~100K c++ source file observed on 2.8GHz Intel C2D:
$ time LC_ALL=cs_CZ.UTF-8 file testfile.cpp
testfile.cpp: ASCII C++ program text
real 0m0.604s
user 0m0.600s
sys 0m0.003s
$ time LC_ALL=C file testfile.cpp
testfile.cpp: ASCII C++ program text
real 0m0.060s
user 0m0.056s
sys 0m0.002s
This is particularly annoying when using the Midnight Commander, as it
uses file command to identify any file before viewing.
commenting the lines
100 regex/c =^\\s{0,255}call\\s{1,99}rxfuncadd OS/2 REXX batch file
text
100 regex/c =^\\s{0,255}say\ ['"] OS/2 REXX batch
file text
fixes the problem. The slowdown didn't occur with the original
vulnerable version either.
Regards,
--
Jindrich Makovicka
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
