From: | anonymous |
Subject: | [Octave-bug-tracker] [bug #47976] str2num can perform arbitrary code |
Date: | Sun, 22 May 2016 14:52:55 +0000 (UTC) |
User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
URL: <http://savannah.gnu.org/bugs/?47976>

Summary: str2num can perform arbitrary code
Project: GNU Octave
Submitted by: None
Submitted on: Sun 22 May 2016 14:52:52 UTC
Category: Octave Function
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Matlab Compatibility
Status: None
Assigned to: None
Originator Name: Andrew Thornton
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release: 4.0.2
Operating System: Any

_______________________________________________________

Details:

The current implementation of str2num uses eval to convert the provided string into a number and does so without any escaping. This allows arbitrary code to be run, for example:

str2num('];exit;[')

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?47976>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
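The report above describes the risk but not how calling code can avoid it. The following Octave script is an added example, not part of the bug report or of Octave itself: it shows the two defensive options a caller has, namely using str2double (which parses rather than evaluates and yields NaN for non-numeric text) for scalar conversion, and, where matrix literals really are needed, whitelisting the input characters before str2num hands the string to eval. The function names safe_str2num and scalar_from_string and the character whitelist are assumptions made for this example; the rejected test input is the payload quoted in the report.

```octave
1;  % marks this file as a script so that functions may be defined below

% Validating wrapper around str2num (added example; the name safe_str2num
% and the character whitelist are assumptions, not Octave API).
function val = safe_str2num (s)
  if (! ischar (s))
    error ("safe_str2num: S must be a string");
  endif
  % Allow only what a numeric scalar or matrix literal needs: digits, sign,
  % decimal point, exponent marker, i/j imaginary suffix, brackets,
  % whitespace and the , ; separators.  Letters that could spell a function
  % name, parentheses and quotes are refused before anything reaches eval.
  if (isempty (regexp (s, '^[0-9eEij+\-.\[\]\s,;]*$', "once")))
    error ("safe_str2num: input is not a numeric literal: %s", s);
  endif
  val = str2num (s);
endfunction

% Preferred route for scalar input: str2double never evaluates its
% argument and returns NaN for anything that is not a number.
function val = scalar_from_string (s)
  val = str2double (s);
  if (isnan (val))
    error ("scalar_from_string: not a number: %s", s);
  endif
endfunction

% Demonstration on constructed inputs: numeric text converts, the payload
% from the report is rejected by the whitelist instead of being evaluated.
inputs = {"42", "[1 2; 3 4]", "1e-3", "];exit;["};
for k = 1:numel (inputs)
  try
    v = safe_str2num (inputs{k});
    printf ("%-12s -> accepted, size %dx%d\n", inputs{k}, rows (v), columns (v));
  catch err
    printf ("%-12s -> rejected: %s\n", inputs{k}, err.message);
  end_try_catch
endfor

% The same payload through str2double simply fails to parse.
try
  scalar_from_string ("];exit;[");
catch err
  printf ("str2double route -> %s\n", err.message);
end_try_catch
```

The whitelist narrows what eval can see but does not change the fact that str2num evaluates its argument; treat it as a mitigation for code that must accept matrix syntax from trusted-but-messy sources, and prefer str2double (or a proper parser) wherever the input is untrusted.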