
[Octave-bug-tracker] [bug #47976] str2num can perform arbitrary code


From: anonymous
Subject: [Octave-bug-tracker] [bug #47976] str2num can perform arbitrary code
Date: Sun, 22 May 2016 14:52:55 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

URL:
  <http://savannah.gnu.org/bugs/?47976>

                 Summary: str2num can perform arbitrary code
                 Project: GNU Octave
            Submitted by: None
            Submitted on: Sun 22 May 2016 14:52:52 UTC
                Category: Octave Function
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Matlab Compatibility
                  Status: None
             Assigned to: None
         Originator Name: Andrew Thornton
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.0.2
        Operating System: Any

    _______________________________________________________

Details:

The current implementation of str2num uses eval to convert the provided string
into a number and does so without any escaping. This allows arbitrary code to
be run, for example:

str2num('];exit;[')

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?47976>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
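Added example, not part of the bug report and not Octave's own code: a hardened replacement for an eval-based str2num that whitelists the characters of a numeric matrix literal before anything reaches eval, so an input like the report's `'];exit;['` is rejected rather than executed. The function name `safe_str2num` and the exact whitelist are this example's own choices; for scalar input, `str2double` avoids eval altogether.

```octave
## safe_str2num.m (hypothetical name): convert a numeric-literal string to
## a number without letting arbitrary code reach eval.
function [x, ok] = safe_str2num (s)
  x = [];
  ## Whitelist: digits, sign, decimal point, exponent marker, imaginary
  ## suffix, whitespace, and the separators/brackets of a matrix literal.
  ## Other letters, quotes, parentheses, '@' and '!' are not allowed, so no
  ## identifier or function call can be assembled from the input.
  ok = ischar (s) && ! isempty (regexp (s, '^[-+0-9.eEijIJ\s,;\[\]]*$', 'once'));
  if (! ok)
    return;
  endif
  ## The string is now syntactically harmless; a malformed literal such as
  ## '1 2 ]' only raises a parse error, which the catch string turns into
  ## ok = false instead of propagating.
  eval (sprintf ("x = [%s];", s), "x = []; ok = false;");
endfunction
```

`safe_str2num ('];exit;[')` returns `ok = false` with `x = []` instead of terminating the interpreter, while `safe_str2num ('1e3, -2.5; 3i 4')` returns the 2x2 matrix `[1000 -2.5; 3i 4]`.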



