Skip Menu |
 

This queue is for tickets about the Sys-Syslog CPAN distribution.

Report information
The Basics
Id: 41234
Status: open
Priority: 0/
Queue: Sys-Syslog

People
Owner: Nobody in particular
Requestors: MARKOV [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.27
Fixed in: (no value)



Subject: escape escapes
MIME-Version: 1.0
X-Mailer: MIME-tools 5.426 (Entity 5.426)
Content-Type: text/plain
Charset: utf8
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1190
Download (untitled) / with headers
text/plain 1.1k
Many people use syslog() unaware of possible "code injection" schemes, especially when syslog is used in trace mode where raw incoming data is logged before processing. Simple example: a cgi script receives form data and logs this before inspecting it at detail. The data contains escape codes, which are sent through syslog() to log-files. The log-files (on UNIX/Linux) are usually only readible by root. The super-user opens the logfile with 'vi' (and friends), which prints the escape codes to the xterm. Some escape codes are more dangerous than other. Where we cannot change the behavior of the kernel syslog() implementation, we can protect root from (unknowingly) unsafe behavior of Perl programmers. Syslog should replace the non-printables. For instance, an escape code should be rewritten into \x1b, \e or <esc> AFAIK, there is no (core) module which can un-arm dangerous strings. It could be a useful general extension of Encode or even PerlIO. There could be one standard conversion choice, or it can be made configurable. Suggested interface: openlog $name, "pid,encoding(utf-8),escape(hex)", "local1"; openlog $name, "pid,raw,unsafe", "local2"; #currently
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [63.251.223.170]) by diesel.bestpractical.com (Postfix) with SMTP id 0745819B8097 for <bug-Sys-Syslog [...] rt.cpan.org>; Wed, 11 Feb 2009 19:56:14 -0500 (EST)
Received: (qmail 23237 invoked by uid 103); 12 Feb 2009 00:56:14 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 12 Feb 2009 00:56:14 -0000
Received: from smtp1-g21.free.fr (HELO smtp1-g21.free.fr) (212.27.42.1) by 16.mx.develooper.com (qpsmtpd/0.43rc1) with ESMTP; Wed, 11 Feb 2009 16:56:10 -0800
Received: from smtp1-g21.free.fr (localhost [127.0.0.1]) by smtp1-g21.free.fr (Postfix) with ESMTP id C0608940093 for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 12 Feb 2009 01:55:43 +0100 (CET)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp1-g21.free.fr (Postfix) with ESMTP id 7626194005C for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 12 Feb 2009 01:55:40 +0100 (CET)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Thu, 12 Feb 2009 01:55:37 +0100
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-29719-1234400180-620.41234-0-0 [...] rt.cpan.org>
Content-Length: 681
Download (untitled) / with headers
text/plain 681b
Hello Mark, Apologies for answering only now. I forgot several times to write the code, then to package the code, then to answer this ticket.. I wrote a module to test the C code that does the actual work of escaping non-printable characters. » http://search.cpan.org/dist/PerlIO-via-escape_ansi/ The module itself is more a proof-of-concept, the XS being extremely simple, and most probably subject to memory leaks. A true PerlIO module should be written in full XS (but that's harder to do, especially given my XS level). If you think this code is good enough, I'll integrate it in Sys::Syslog. -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id DE95B63C6E3 for <bug-Sys-Syslog [...] rt.cpan.org>; Sun, 19 Apr 2009 10:52:20 -0400 (EDT)
Received: (qmail 9899 invoked by uid 103); 19 Apr 2009 14:52:20 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 19 Apr 2009 14:52:20 -0000
Received: from smtp3-g21.free.fr (HELO smtp3-g21.free.fr) (212.27.42.3) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Sun, 19 Apr 2009 07:52:13 -0700
Received: from smtp3-g21.free.fr (localhost [127.0.0.1]) by smtp3-g21.free.fr (Postfix) with ESMTP id C14F481809A for <bug-Sys-Syslog [...] rt.cpan.org>; Sun, 19 Apr 2009 16:52:06 +0200 (CEST)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp3-g21.free.fr (Postfix) with ESMTP id D127F81805F for <bug-Sys-Syslog [...] rt.cpan.org>; Sun, 19 Apr 2009 16:52:03 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Sun, 19 Apr 2009 16:52:01 +0200
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-2324-1240152752-489.41234-0-0 [...] rt.cpan.org>
Content-Length: 624
Download (untitled) / with headers
text/plain 624b
Show quoted text
> I wrote a module to test the C code that does the actual work of > escaping non-printable characters. > » http://search.cpan.org/dist/PerlIO-via-escape_ansi/ > > The module itself is more a proof-of-concept, the XS being > extremely simple, and most probably subject to memory leaks. A true > PerlIO module should be written in full XS (but that's harder to > do, especially given my XS level). > > If you think this code is good enough, I'll integrate it in > Sys::Syslog.
Now done, http://svnweb.mongueurs.net/Sys-Syslog/revision/?rev=270 -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org>
Content-Disposition: inline
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org>
Message-ID: <20090420073056.GA28744 [...] moon.overmeer.net>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id AFECC4D8102 for <bug-Sys-Syslog [...] rt.cpan.org>; Mon, 20 Apr 2009 03:31:06 -0400 (EDT)
Received: (qmail 21267 invoked by uid 103); 20 Apr 2009 07:31:05 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 20 Apr 2009 07:31:05 -0000
Received: from mail.overmeer.net (HELO moon.overmeer.net) (194.109.195.227) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 20 Apr 2009 00:31:00 -0700
Received: by moon.overmeer.net (Postfix, from userid 1000) id C3CEAC10E; Mon, 20 Apr 2009 09:30:56 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
User-Agent: Mutt/1.5.19 (2009-01-05)
Return-Path: <markov [...] overmeer.net>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Mon, 20 Apr 2009 09:30:56 +0200
X-Spam-Level: *
To: Sébastien Aperghis-Tramoni via RT <bug-Sys-Syslog [...] rt.cpan.org>
Content-Transfer-Encoding: 8bit
From: Mark Overmeer <mark [...] overmeer.net>
RT-Message-ID: <rt-3.6.HEAD-2324-1240212675-291.41234-0-0 [...] rt.cpan.org>
Content-Length: 873
Download (untitled) / with headers
text/plain 873b
* Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) [090419 14:52]: Show quoted text
> <URL: http://rt.cpan.org/Ticket/Display.html?id=41234 >
> > I wrote a module to test the C code that does the actual work of > > escaping non-printable characters. > > » http://search.cpan.org/dist/PerlIO-via-escape_ansi/
> > Now done, http://svnweb.mongueurs.net/Sys-Syslog/revision/?rev=270
Your initial work has slipped my attention. It seems like a smart implementation, with minimal delay. Great. Should the conversion be disabled when EBCIDC? -- Great work! MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org> <20090420073056.GA28744 [...] moon.overmeer.net> <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id EB9F363CEB9 for <bug-Sys-Syslog [...] rt.cpan.org>; Mon, 20 Apr 2009 19:55:58 -0400 (EDT)
Received: (qmail 20840 invoked by uid 103); 20 Apr 2009 23:55:58 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 20 Apr 2009 23:55:58 -0000
Received: from smtp2-g21.free.fr (HELO smtp2-g21.free.fr) (212.27.42.2) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 20 Apr 2009 16:55:52 -0700
Received: from smtp2-g21.free.fr (localhost [127.0.0.1]) by smtp2-g21.free.fr (Postfix) with ESMTP id 70DDE4B0015 for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 21 Apr 2009 01:55:44 +0200 (CEST)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp2-g21.free.fr (Postfix) with ESMTP id 4231F4B002A for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 21 Apr 2009 01:55:42 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Tue, 21 Apr 2009 01:55:42 +0200
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-10159-1240271786-1592.41234-0-0 [...] rt.cpan.org>
Content-Length: 805
Download (untitled) / with headers
text/plain 805b
Mark Overmeer wrote via RT: Show quoted text
> Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) > [090419 14:52]:
>>
>>> I wrote a module to test the C code that does the actual work of >>> escaping non-printable characters. >>> » http://search.cpan.org/dist/PerlIO-via-escape_ansi/
>> >> Now done, http://svnweb.mongueurs.net/Sys-Syslog/revision/?rev=270
> > Your initial work has slipped my attention. It seems like a smart > implementation, with minimal delay. Great. > > Should the conversion be disabled when EBCIDC?
Arrrrghhhhhh.... EBCDIC! Would do you hate me? Well, yes, but I guess that to be actually correct, we should have the corresponding translation table. Unless EBCDIC systems are immune to sequences attacks? -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org>
Content-Disposition: inline
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org> <20090420073056.GA28744 [...] moon.overmeer.net> <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org> <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org> <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org>
Message-ID: <20090421065237.GC11878 [...] moon.overmeer.net>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id 20BA84DCFCF for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 21 Apr 2009 02:52:48 -0400 (EDT)
Received: (qmail 23223 invoked by uid 103); 21 Apr 2009 06:52:48 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 21 Apr 2009 06:52:48 -0000
Received: from mail.overmeer.net (HELO moon.overmeer.net) (194.109.195.227) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Mon, 20 Apr 2009 23:52:43 -0700
Received: by moon.overmeer.net (Postfix, from userid 1000) id 034C7C116; Tue, 21 Apr 2009 08:52:37 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
User-Agent: Mutt/1.5.19 (2009-01-05)
Return-Path: <markov [...] overmeer.net>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Tue, 21 Apr 2009 08:52:37 +0200
X-Spam-Level: *
To: Sébastien Aperghis-Tramoni via RT <bug-Sys-Syslog [...] rt.cpan.org>
Content-Transfer-Encoding: 8bit
From: Mark Overmeer <solutions [...] overmeer.net>
RT-Message-ID: <rt-3.6.HEAD-10159-1240296778-1666.41234-0-0 [...] rt.cpan.org>
Content-Length: 852
Download (untitled) / with headers
text/plain 852b
* Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) [090420 23:56]: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=41234 > > Arrrrghhhhhh.... EBCDIC! Would do you hate me? > Well, yes, but I guess that to be actually correct, we should have > the corresponding translation table. Unless EBCDIC systems are immune > to sequences attacks?
I think a simple #ifdef would do, simply exclude all the logic. But I do not know which compile flag to test for. (Haven't touched an EBDDIC system in 15 years) -- Regards, MarkOv ------------------------------------------------------------------------ drs Mark A.C.J. Overmeer MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-10159-1240296778-1666.41234-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org> <20090420073056.GA28744 [...] moon.overmeer.net> <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org> <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org> <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org> <20090421065237.GC11878 [...] moon.overmeer.net> <rt-3.6.HEAD-10159-1240296778-1666.41234-5-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <7D12E373-CF24-4E33-AC28-5F7338CF0EE1 [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id 3217C23C112 for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 28 Apr 2009 16:18:49 -0400 (EDT)
Received: (qmail 23724 invoked by uid 103); 28 Apr 2009 20:18:49 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 28 Apr 2009 20:18:49 -0000
Received: from smtp1-g21.free.fr (HELO smtp1-g21.free.fr) (212.27.42.1) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Tue, 28 Apr 2009 13:18:42 -0700
Received: from smtp1-g21.free.fr (localhost [127.0.0.1]) by smtp1-g21.free.fr (Postfix) with ESMTP id 3AA7F94004B for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 28 Apr 2009 22:18:34 +0200 (CEST)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp1-g21.free.fr (Postfix) with ESMTP id 4B4E89400F6 for <bug-Sys-Syslog [...] rt.cpan.org>; Tue, 28 Apr 2009 22:18:32 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Tue, 28 Apr 2009 22:18:41 +0200
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-10159-1240949944-1607.41234-0-0 [...] rt.cpan.org>
Content-Length: 771
Download (untitled) / with headers
text/plain 771b
Mark Overmeer wrote via RT: Show quoted text
>> Arrrrghhhhhh.... EBCDIC! Would do you hate me? >> Well, yes, but I guess that to be actually correct, we should have >> the corresponding translation table. Unless EBCDIC systems are immune >> to sequences attacks?
> > I think a simple #ifdef would do, simply exclude all the logic. But I > do not know which compile flag to test for. (Haven't touched an > EBDDIC > system in 15 years)
I never touched an EBCDIC system. Hopefully, a quick search through perlport gave me the correct way to know whether we're on EBCDIC in the Perl side: use constant EBCDIC => ord("A") == 193; I also found that there's a C macro "EBCDIC", so we can detect this both sides. -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <20090421065237.GC11878 [...] moon.overmeer.net>
Content-Disposition: inline
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <rt-3.6.HEAD-2324-1240152752-489.41234-6-0 [...] rt.cpan.org> <20090420073056.GA28744 [...] moon.overmeer.net> <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org> <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org> <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org> <20090421065237.GC11878 [...] moon.overmeer.net>
Message-ID: <20090730083543.GK19155 [...] moon.overmeer.net>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id 9113D19B82C6 for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 04:35:55 -0400 (EDT)
Received: (qmail 8609 invoked by uid 103); 30 Jul 2009 08:35:54 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Jul 2009 08:35:54 -0000
Received: from mail.overmeer.net (HELO moon.overmeer.net) (194.109.195.227) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Thu, 30 Jul 2009 01:35:48 -0700
Received: by moon.overmeer.net (Postfix, from userid 1000) id 0EF78C206; Thu, 30 Jul 2009 10:35:44 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
User-Agent: Mutt/1.5.19 (2009-01-05)
Return-Path: <markov [...] overmeer.net>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Thu, 30 Jul 2009 10:35:43 +0200
X-Spam-Level: *
To: Sébastien Aperghis-Tramoni via RT <bug-Sys-Syslog [...] rt.cpan.org>
Content-Transfer-Encoding: 8bit
From: Mark Overmeer <solutions [...] overmeer.net>
RT-Message-ID: <rt-3.6.HEAD-14916-1248942968-1045.41234-0-0 [...] rt.cpan.org>
Content-Length: 741
Download (untitled) / with headers
text/plain 741b
Hey Sébastien, Any chance on releasing Sys::Syslog with charset protections within a forseeable future? See you in Lisbon? MarkOv * MARKOV Solutions (solutions@overmeer.net) [090421 08:52]: Show quoted text
> * Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) [090420 23:56]:
> > <URL: https://rt.cpan.org/Ticket/Display.html?id=41234 > > > Arrrrghhhhhh.... EBCDIC! Would do you hate me? > > Well, yes, but I guess that to be actually correct, we should have > > the corresponding translation table. Unless EBCDIC systems are immune > > to sequences attacks?
> > I think a simple #ifdef would do, simply exclude all the logic. But I > do not know which compile flag to test for. (Haven't touched an EBDDIC > system in 15 years)
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-14916-1248942968-1045.41234-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <20090420073056.GA28744 [...] moon.overmeer.net> <rt-3.6.HEAD-2324-1240212675-291.41234-5-0 [...] rt.cpan.org> <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org> <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org> <20090421065237.GC11878 [...] moon.overmeer.net> <20090730083543.GK19155 [...] moon.overmeer.net> <rt-3.6.HEAD-14916-1248942968-1045.41234-5-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <552A88BE-D3D4-43A4-B6F6-EF1C85A9D3A0 [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id 2650719B8323 for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 14:50:27 -0400 (EDT)
Received: (qmail 31470 invoked by uid 103); 30 Jul 2009 18:50:26 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Jul 2009 18:50:26 -0000
Received: from smtp4-g21.free.fr (HELO smtp4-g21.free.fr) (212.27.42.4) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Thu, 30 Jul 2009 11:50:20 -0700
Received: from smtp4-g21.free.fr (localhost [127.0.0.1]) by smtp4-g21.free.fr (Postfix) with ESMTP id 331034C802F for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 20:50:12 +0200 (CEST)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp4-g21.free.fr (Postfix) with ESMTP id 44FF94C8146 for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 20:50:09 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Thu, 30 Jul 2009 20:50:11 +0200
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-14916-1248979837-611.41234-0-0 [...] rt.cpan.org>
Content-Length: 684
Download (untitled) / with headers
text/plain 684b
Mark Overmeer wrote via RT: Show quoted text
> Hey Sébastien,
Hello Mark Show quoted text
> Any chance on releasing Sys::Syslog with charset protections > within a forseeable future?
As soon as I can rework the code to avoid it to leak / crash. I'm not a very good C programmer, and clearly not a good XS one. I haven't released the current code because when executing the tests suite, it crashes Perl. I know I must rewrite the way the internal escaping function works. Just haven't found the time/motivation to do it for now. Show quoted text
> See you in Lisbon?
Yup, I'm supposed to talk there. And I'm supposed to write slides beforehand (argh). -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-14916-1248979837-611.41234-6-0 [...] rt.cpan.org>
Content-Disposition: inline
References: <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <46AABCCD-57DE-4281-BB03-CAABB964D1B7 [...] cpan.org> <rt-3.6.HEAD-10159-1240271786-1592.41234-6-0 [...] rt.cpan.org> <20090421065237.GC11878 [...] moon.overmeer.net> <20090730083543.GK19155 [...] moon.overmeer.net> <rt-3.6.HEAD-14916-1248942968-1045.41234-5-0 [...] rt.cpan.org> <552A88BE-D3D4-43A4-B6F6-EF1C85A9D3A0 [...] cpan.org> <rt-3.6.HEAD-14916-1248979837-611.41234-6-0 [...] rt.cpan.org>
Message-ID: <20090730213857.GB7980 [...] moon.overmeer.net>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id 961AF4D80BF for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 17:39:08 -0400 (EDT)
Received: (qmail 13594 invoked by uid 103); 30 Jul 2009 21:39:07 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Jul 2009 21:39:07 -0000
Received: from mail.overmeer.net (HELO moon.overmeer.net) (194.109.195.227) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Thu, 30 Jul 2009 14:39:01 -0700
Received: by moon.overmeer.net (Postfix, from userid 1000) id 8E734C202; Thu, 30 Jul 2009 23:38:57 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
User-Agent: Mutt/1.5.19 (2009-01-05)
Return-Path: <markov [...] overmeer.net>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Thu, 30 Jul 2009 23:38:57 +0200
X-Spam-Level: *
To: Sébastien Aperghis-Tramoni via RT <bug-Sys-Syslog [...] rt.cpan.org>
Content-Transfer-Encoding: 8bit
From: Mark Overmeer <solutions [...] overmeer.net>
RT-Message-ID: <rt-3.6.HEAD-14916-1248989957-690.41234-0-0 [...] rt.cpan.org>
Content-Length: 1276
Download (untitled) / with headers
text/plain 1.2k
* Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) [090730 18:50]: Show quoted text
> As soon as I can rework the code to avoid it to leak / crash. I'm not > a very good C programmer, and clearly not a good XS one. I haven't > released the current code because when executing the tests suite, it > crashes Perl. I know I must rewrite the way the internal escaping > function works. Just haven't found the time/motivation to do it for now.
I did program C for 10 years. But XS is an other thing. char * escape_non_printable_chars(const char *input) { if (num == 0) return (char *) input; Here, you change a "const *" into a non-const, allowing the original input buffer to be overwritten via the pointer which is returned. Don't: make both const. For memory allocation, you should probably use the New... macros (discribed in perlguts), and Safefree. Maybe we should ask Nick for help... -- Greetz, Good luck with your presentation, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
MIME-Version: 1.0 (Apple Message framework v753.1)
X-Spam-Status: No, hits=0.0 required=8.0 tests=
In-Reply-To: <rt-3.6.HEAD-14916-1248989957-690.41234-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.753.1)
References: <RT-Ticket-41234 [...] rt.cpan.org> <rt-3.6.HEAD-24168-1227693441-681.41234-4-0 [...] rt.cpan.org> <3B6C103C-5B20-4636-A310-7DFEE782587B [...] cpan.org> <CCE65B86-9F65-4FE0-B8D7-92368D9D4B27 [...] cpan.org> <20090421065237.GC11878 [...] moon.overmeer.net> <20090730083543.GK19155 [...] moon.overmeer.net> <rt-3.6.HEAD-14916-1248942968-1045.41234-5-0 [...] rt.cpan.org> <552A88BE-D3D4-43A4-B6F6-EF1C85A9D3A0 [...] cpan.org> <rt-3.6.HEAD-14916-1248979837-611.41234-6-0 [...] rt.cpan.org> <20090730213857.GB7980 [...] moon.overmeer.net> <rt-3.6.HEAD-14916-1248989957-690.41234-5-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"; delsp="yes"; format="flowed"
Message-ID: <3E373BD9-A843-46B5-8260-C2E0C29102B3 [...] cpan.org>
X-RT-Original-Encoding: utf-8
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by diesel.bestpractical.com (Postfix) with SMTP id B70914D814D for <bug-Sys-Syslog [...] rt.cpan.org>; Thu, 30 Jul 2009 18:35:52 -0400 (EDT)
Received: (qmail 2094 invoked by uid 103); 30 Jul 2009 22:35:52 -0000
Received: from x16.dev (10.0.100.26) by x1.dev with QMQP; 30 Jul 2009 22:35:52 -0000
Received: from smtp4-g21.free.fr (HELO smtp4-g21.free.fr) (212.27.42.4) by 16.mx.develooper.com (qpsmtpd/0.80) with ESMTP; Thu, 30 Jul 2009 15:35:45 -0700
Received: from smtp4-g21.free.fr (localhost [127.0.0.1]) by smtp4-g21.free.fr (Postfix) with ESMTP id 025D24C807F for <bug-Sys-Syslog [...] rt.cpan.org>; Fri, 31 Jul 2009 00:35:38 +0200 (CEST)
Received: from [192.168.1.100] (ant06-1-82-242-109-222.fbx.proxad.net [82.242.109.222]) by smtp4-g21.free.fr (Postfix) with ESMTP id 118CE4C80B5 for <bug-Sys-Syslog [...] rt.cpan.org>; Fri, 31 Jul 2009 00:35:36 +0200 (CEST)
Delivered-To: cpan-bug+Sys-Syslog [...] diesel.bestpractical.com
Subject: Re: [rt.cpan.org #41234] escape escapes
Return-Path: <saper [...] cpan.org>
X-Spam-Check-BY: 16.mx.develooper.com
X-Original-To: bug-Sys-Syslog [...] rt.cpan.org
Date: Fri, 31 Jul 2009 00:35:37 +0200
X-Spam-Level: *
To: bug-Sys-Syslog [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <saper [...] cpan.org>
RT-Message-ID: <rt-3.6.HEAD-14916-1248993363-1774.41234-0-0 [...] rt.cpan.org>
Content-Length: 1715
Download (untitled) / with headers
text/plain 1.6k
Mark Overmeer wrote via RT: Show quoted text
> * Sébastien Aperghis-Tramoni via RT (bug-Sys-Syslog@rt.cpan.org) > [090730 18:50]:
>> As soon as I can rework the code to avoid it to leak / crash. I'm not >> a very good C programmer, and clearly not a good XS one. I haven't >> released the current code because when executing the tests suite, it >> crashes Perl. I know I must rewrite the way the internal escaping >> function works. Just haven't found the time/motivation to do it >> for now.
> > I did program C for 10 years. But XS is an other thing. > > char * escape_non_printable_chars(const char *input) { > if (num == 0) > return (char *) input; > > Here, you change a "const *" into a non-const, allowing the original > input buffer to be overwritten via the pointer which is returned. > Don't: make both const.
When I first wrote this code, I wanted to be smart and avoid useless memory allocation. Now I think it should just be simpler and more consistent. Show quoted text
> For memory allocation, you should probably use the New... macros > (discribed in perlguts), and Safefree.
IIRC, when I looked at Perl headers, they already redeclare malloc() and free() to use internal Perl functions. I'd prefer to keep the escaping code generic so anyone could copy it, because I wasn't able to find similar code on the intarweb. Show quoted text
> Maybe we should ask Nick for help...
Now that he has forked, he'll have even less free time ;-) I don't think the problem is very complex and worth annoying Nicholas or Raphaël, it's just that I haven't spend enough time on it. Then, once I think the code is good enough, I'll send it to P5P for review. -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.