Re^3: Vulnerabilities when editing untrusted code... (compiletime injection in regex)

OK the term "eval-group" seems to refer to an optimization which concats 2 strings °

'' =~ ('STRING1'.'STRING2');

but if you don't bother splitting up the BEGIN you can still inject code at compiletime :(

D:\tmp\pm>type unsafe_regex_BEGIN.pl
exit;
'' =~ m/(?{ BEGIN{ die "owned"} })/ ;

D:\tmp\pm>perl -c unsafe_regex_BEGIN.pl
owned at unsafe_regex_BEGIN.pl line 2.
BEGIN failed--compilation aborted at unsafe_regex_BEGIN.pl line 2.

D:\tmp\pm>
[download]

Cheers Rolf
_{(addicted to the Perl Programming Language :)

Wikisyntax for the Monastery}

°) and variable interpolation in general see re#'eval'-mode

Comment on Re^3: Vulnerabilities when editing untrusted code... (compiletime injection in regex) Select or Download Code