[ic] search error: Limit subroutine creation

Stefan Hornburg Racke interchange-users@interchange.redhat.com
Sat Nov 24 13:43:01 2001


Steffen Dettmer <steffen@dett.de> writes:

> * cfm@maine.com wrote on Fri, Nov 23, 2001 at 18:48 -0500:
> > On Fri, Nov 23, 2001 at 11:56:20PM +0100, Joachim Leidinger wrote:
> > > > > search error: Limit subroutine creation: Bad code: /SCSI-III (U2W/:
> > > > > unmatched () in regexp at (eval 230) line 6, <SEARCH> chunk 1.
> > 
> > /SCSI-III (U2W/  <---- Oops, that last / is killing the parenthesis
> > match.  Not that you want that either!
> 
> I haven't checked the code, but for me it looks dangerous that
> there is no input validator putting an error before. What would
> happen when the user constructs careful search strings like
> se=x/;some_perl_code or similar?

I suppose that the search code is protected against such things.

> 
> > My suggestion is that you use another category string,
> > "SCSI_III_U2W_160_LVD_Kabel" is what Squash sub would produce.
> 
> This stops IC from generating non-working links, but an attacker
> could request them with faked pages of course. Do I have to care
> about such issues when developing a catalog with ITL, or is it
> safe by its concepts?

There is some possibility that users drain your databases. You
can avoid this with the NoSearch directive, which is by default
set to userdb.

Ciao
        Racke

-- 
Die Erde bleibt keine Scheibe. --- The earth remains no disk.

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
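
One way to validate the kind of search string discussed in this thread, as an added example that is not part of the original message and not Interchange's own code: the hypothetical `make_matcher` helper keeps the term as data, so it never appears in generated Perl source, and it rejects malformed patterns instead of failing at match time. The sample rows, the 128-character limit and the `allow_regex` option are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Interchange code): build a matcher from an
# untrusted search term without placing the term in Perl source text.
sub make_matcher {
    my ($term, %opt) = @_;

    # Reject empty or oversized input before any pattern is compiled.
    return unless defined $term && length $term && length $term <= 128;

    my $re;
    if ($opt{allow_regex}) {
        # Compile inside a block eval: a malformed pattern such as an
        # unmatched "(" becomes a catchable error. Perl refuses (?{ ... })
        # code blocks in interpolated patterns unless "use re 'eval'" is
        # in effect, so the pattern cannot carry Perl code. The length
        # limit reduces, but does not remove, the cost of backtracking.
        $re = eval { qr/$term/i };
        return unless defined $re;
    }
    else {
        # Default: treat the term as a literal string. \Q...\E escapes
        # every regex metacharacter, so "(" and "/" match themselves.
        $re = qr/\Q$term\E/i;
    }

    # The closure only ever applies the compiled pattern to data.
    return sub { $_[0] =~ $re };
}

# Constructed sample rows, searched with the strings quoted in the thread.
my @rows = ('SCSI-III (U2W/160 LVD) Kabel', 'IDE Kabel 40-pol');

for my $term ('/SCSI-III (U2W/', 'SCSI-III (U2W/', 'x/;some_perl_code') {
    for my $mode (0, 1) {
        my $m    = make_matcher($term, allow_regex => $mode);
        my $hits = $m ? scalar(grep { $m->($_) } @rows) : 'rejected';
        printf "%-20s allow_regex=%d -> %s\n", $term, $mode, $hits;
    }
}
```

In literal mode every string from the thread is accepted and matched character for character; in regex mode the strings with the unmatched parenthesis are rejected at validation time instead of surfacing as a search error.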