fix for issues in ssn_verify such as infinite loop. #10

Merged

@hideaki hideaki commented Nov 13, 2012

These are fixes to ssn_verify, which verifies valid US social security numbers.
I figured that its intention is the following.

  • Reject if it does not include 9 numeric chars.
  • Reject if the 9 digits are a repetition of the same number, e.g. 111-11-1111
  • Reject if the 9 digits are sequential numbers, e.g. 123-45-6789
  • Reject if one of the fields is all zero, e.g. 235-00-4829
  • Reject if the first 3 digits are 666 or larger than or equal to 740

The function ssn_verify had the following issues, which I fixed in this patch.

  • Infinite loop caused by mixing i (string index) and digits (digits index)
  • False negative caused by mixing len-1 (string length - 1) and 8 (number of digits - 1),
    e.g. 123-45-6789 was considered valid before fixing this.
  • Cleaned up usage of variable names.
    For example, variable "sequencial" was used for the check
    of not being a repetition of the same numbers.
  • For the clarity of the code, I made the sequential check logic similar to the repetition check logic
    (check whether the number of times adjacent digits are sequential/repetitive is 8 or not).
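
The five checks listed in the description above, written out as an added C example; it is not the code from this pull request or from ModSecurity. The name `ssn_plausible` and the choice to skip non-digit separators are assumptions. It keeps the string index and the digit index separate and counts adjacent pairs over the 8 digit gaps rather than over the string length, the two points the description says the fix addresses.

```c
#include <ctype.h>
#include <stddef.h>

/* Hypothetical helper (not ModSecurity's ssn_verify): returns 1 if the
 * input passes the five checks listed in the PR description, else 0. */
int ssn_plausible(const char *s, size_t len)
{
    int digits[9];
    size_t i;                 /* index into the input string */
    int n = 0;                /* index into digits[], kept separate from i */
    int same = 0, seq = 0, k;
    int area, group, serial;

    for (i = 0; i < len; i++) {
        if (!isdigit((unsigned char)s[i]))
            continue;         /* assumption: separators such as '-' are skipped */
        if (n == 9)
            return 0;         /* more than 9 digits */
        digits[n++] = s[i] - '0';
    }
    if (n != 9)
        return 0;             /* fewer than 9 digits */

    /* Walk the 8 gaps between the 9 digits, never len - 1. */
    for (k = 0; k < 8; k++) {
        if (digits[k + 1] == digits[k])
            same++;
        if (digits[k + 1] == digits[k] + 1)
            seq++;
    }
    if (same == 8 || seq == 8)
        return 0;             /* e.g. 111-11-1111 or 123-45-6789 */

    area   = digits[0] * 100 + digits[1] * 10 + digits[2];
    group  = digits[3] * 10 + digits[4];
    serial = digits[5] * 1000 + digits[6] * 100 + digits[7] * 10 + digits[8];
    if (area == 0 || group == 0 || serial == 0)
        return 0;             /* a field that is all zero */
    if (area == 666 || area >= 740)
        return 0;
    return 1;
}
```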

brenosilva added a commit that referenced this pull request Nov 13, 2012
fix for issues in ssn_verify such as infinite loop.
@brenosilva brenosilva merged commit bd3d070 into owasp-modsecurity:remotes/trunk Nov 13, 2012
@pbesedm pbesedm mentioned this pull request May 8, 2015
@pbesedm pbesedm mentioned this pull request Mar 12, 2016
@wergoth wergoth mentioned this pull request Jul 25, 2017