http://bugzilla.spamassassin.org/show_bug.cgi?id=3828
------- Additional Comments From [EMAIL PROTECTED] 2004-12-07 18:03 -------
Alright -- I've put in a bit of legwork on this. Here's a test
script that exercises an evil regexp exponential-time attack, using
a particularly awful regexp and piece of data, and then attempts to
use various forms of signal handler to deal with it.

As far as I know, it should now work on all versions of perl, with
and without PERL_SIGNALS=unsafe -- in other words, it works around
the issue entirely!

But if you have really odd versions of perl (i.e. != 5.6.1 or 5.8.4),
please run it and, if the output differs from this:

    using sigaction [or "using SIG"]
    entering re match
    eval caught: got sigalrm successfully
    done re match in 2 secs

then post the output.
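
#!/usr/bin/perl -w
# test script: run an exponential-time regexp under a 2-second alarm and
# check that the SIGALRM handler is able to interrupt the match
use strict;

trap_sigalrm (\&got_alrm);
alarm 2;
my $start = time;
print "entering re match\n";
# pathological input: there is no "y" anywhere in the data
my $text = (("o" x 9999) . "x") x 999;
eval { $text =~ /o*xo*y/; };
if ($@) { warn "eval caught: $@"; }
alarm 0;
my $end = time;
print "done re match in ".($end - $start)." secs\n";
exit;

# SIGALRM handler: die, so that the surrounding eval is unwound
sub got_alrm { die "got sigalrm successfully\n"; }

# install $handler for SIGALRM so that delivery is not deferred
sub trap_sigalrm {
  my ($handler) = @_;
  if ($^V lt v5.8.0) {
    # perl before 5.8.0: plain %SIG handlers are delivered immediately
    print "using SIG\n";
    $SIG{ALRM} = $handler;
  } else {
    # perl 5.8.0 and later: install the handler through POSIX::sigaction
    print "using sigaction\n";
    use POSIX qw();
    POSIX::sigaction POSIX::SIGALRM(), new POSIX::SigAction $handler;
  }
}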
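
The sigaction branch of the test script above, generalised into a reusable timeout wrapper that restores the previous SIGALRM disposition and tells a timeout apart from any other die. This is an added example, not code from the bug report or from SpamAssassin; run_with_timeout and the marker string are hypothetical names, and it assumes perl 5.8 or later, so the %SIG branch is omitted.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper (not SpamAssassin code): run $code with a wall-clock
# limit of $secs seconds. Returns (1, $result) if $code finished and
# (0, undef) if the alarm fired first; any other exception is rethrown.
sub run_with_timeout {
    my ($secs, $code) = @_;
    my $marker = "__regexp_timeout__\n";   # constructed marker string

    # A handler installed through POSIX::sigaction is delivered immediately
    # unless ->safe(1) is set on the action, so it can interrupt a regexp
    # match that is still running.
    my $new = POSIX::SigAction->new(sub { die $marker });
    my $old = POSIX::SigAction->new;
    POSIX::sigaction(POSIX::SIGALRM(), $new, $old)
        or die "cannot install SIGALRM handler: $!\n";

    my $result;
    my $ok = eval {
        alarm $secs;
        $result = $code->();
        alarm 0;
        1;
    };
    my $err = $@;
    alarm 0;                                    # $code may have died early
    POSIX::sigaction(POSIX::SIGALRM(), $old);   # restore previous handler

    return (1, $result) if $ok;
    return (0, undef)   if $err eq $marker;
    die $err;                                   # unrelated failure
}

# Constructed input: the pattern and data from the test script above.
# A perl whose regexp optimizer rejects this input early may report a
# finished non-match instead of a timeout.
my $text = (("o" x 9999) . "x") x 999;
my ($done, $matched) =
    run_with_timeout(2, sub { $text =~ /o*xo*y/ ? 1 : 0 });
print $done ? "match finished: matched=$matched\n"
            : "match abandoned after timeout\n";
```

Immediate delivery interrupts the regexp engine in the middle of its work, which is the situation deferred signals were introduced to avoid, so the wrapper is best kept around the match alone rather than around larger blocks of code.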