[39172] in bugtraq


Re: Arbitrary code execution in eping plugin

daemon@ATHENA.MIT.EDU (Christoph 'knurd' Jeschke)
Tue Jun 14 18:33:55 2005

Message-ID: <42AF442C.3070406@gmail.com>
Date: Tue, 14 Jun 2005 22:55:08 +0200
From: "Christoph 'knurd' Jeschke" <christoph.jeschke@gmail.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <1346951001.20050614090209@netdork.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Jonathan Angliss wrote:

> Won't match IPv6 addresses, but neither will the original code, and it
> matches IP addresses perfectly I believe.

My suggestion for IPv4 is:

^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[01]\d|22[0-3])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])$

So 0.0.0.0 (Internet) doesn't match, and neither do 224.0.0.0/4 (Multicast) and
240.0.0.0/4 (Future Use), as described in RFC 3330.

(based on the regex from Mastering Regular Expressions, Jeffrey E.F. Friedl)

Any further suggestions?
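
Added example, not part of the original message: a Python check of an IPv4 pattern of this shape against constructed boundary addresses, with the first-octet branch written out so that every value from 0 to 223 is accepted. The names `build`, `LOOSE`, `STRICT`, `is_valid_target` and `SAMPLES` are assumptions; the block also shows that anchoring with `$` accepts a trailing newline, which `\Z` does not.

```python
import re

# Octet branches follow the pattern in the post. The first octet is limited
# to 0-223, so 224.0.0.0/4 and 240.0.0.0/4 can never match.
FIRST = r"(?:[01]?\d{1,2}|2[01]\d|22[0-3])"
OCTET = r"(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])"


def build(start: str, end: str) -> re.Pattern:
    # The negative lookahead rejects an all-zero address such as 0.0.0.0.
    # re.ASCII restricts \d to 0-9; without it \d also matches Unicode digits.
    not_zero = r"(?!0+\.0+\.0+\.0+" + end + ")"
    return re.compile(start + not_zero + FIRST + (r"\." + OCTET) * 3 + end, re.ASCII)


LOOSE = build("^", "$")       # "$" also matches just before a final newline
STRICT = build(r"\A", r"\Z")  # "\Z" matches only at the very end of the string


def is_valid_target(value) -> bool:
    """True only if the whole string is an accepted dotted quad."""
    return isinstance(value, str) and STRICT.match(value) is not None


# Constructed sample inputs with the verdict expected from the strict check.
SAMPLES = {
    "192.0.2.10": True,
    "204.0.2.1": True,         # 204-209 and 214-219 must be covered
    "219.1.1.1": True,
    "223.255.255.255": True,   # last address below the multicast block
    "224.0.0.1": False,        # 224.0.0.0/4 (Multicast)
    "240.0.0.1": False,        # 240.0.0.0/4 (Future Use)
    "0.0.0.0": False,
    "1.2.3.256": False,
    "192.0.2.10 extra": False,  # trailing data after the address
    "192.0.2.10\n": False,      # trailing newline: LOOSE accepts this one
}


def run_samples() -> dict:
    return {s: is_valid_target(s) for s in SAMPLES}


if __name__ == "__main__":
    for s, strict in run_samples().items():
        print(f"{s!r:22} strict={strict} loose={LOOSE.match(s) is not None}")
```

The same anchor behaviour applies in other Perl-style regex engines, so a validator that guards input passed on to another program should use the end-of-string anchor its engine provides rather than `$`.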
