Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-01-14 04:41:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(plugins): add regex length limit (#7802)

Browse Source
This commit is contained in:
Ville Vesilehto
2026-01-05 19:48:48 +02:00
committed by GitHub
parent adba778626
commit b723bd94d4
15 changed files with 117 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/errors/README.md
View File

@@ -29,7 +29,7 @@ errors {
Option `stacktrace` will log a stacktrace during panic recovery.
Option `consolidate` allows collecting several error messages matching the regular expression **REGEXP** during **DURATION**. After the **DURATION** since receiving the first such message, the consolidated message will be printed to standard output with
Option `consolidate` allows collecting several error messages matching the regular expression **REGEXP** during **DURATION**. **REGEXP** must not exceed 10000 characters. After the **DURATION** since receiving the first such message, the consolidated message will be printed to standard output with
log level, which is configurable by optional option **LEVEL**. Supported options for **LEVEL** option are `warning`,`error`,`info` and `debug`.
~~~
2 errors like '^read udp .* i/o timeout$' occurred in last 30s

7
plugin/errors/setup.go
View File

@@ -9,6 +9,10 @@ import (
"github.com/coredns/coredns/plugin"
)
// maxRegexpLen is a hard limit on the length of a regex pattern to prevent
// OOM during regex compilation with malicious input.
const maxRegexpLen = 10000
func init() { plugin.Register("errors", setup) }
func setup(c *caddy.Controller) error {
@@ -78,6 +82,9 @@ func parseConsolidate(c *caddy.Controller) (*pattern, error) {
if err != nil {
return nil, c.Err(err.Error())
}
if len(args[1]) > maxRegexpLen {
return nil, c.Errf("regex pattern too long: %d > %d", len(args[1]), maxRegexpLen)
}
re, err := regexp.Compile(args[1])
if err != nil {
return nil, c.Err(err.Error())

17
plugin/errors/setup_test.go
View File

@@ -2,6 +2,7 @@ package errors
import (
"bytes"
"fmt"
golog "log"
"strings"
"testing"
@@ -250,3 +251,19 @@ func TestShowFirstOption(t *testing.T) {
})
}
}
func TestErrorsParseLargeRegex(t *testing.T) {
largeRegex := strings.Repeat("a", maxRegexpLen+1)
config := fmt.Sprintf(`errors {
consolidate 1m %s
}`, largeRegex)
c := caddy.NewTestController("dns", config)
_, err := errorsParse(c)
if err == nil {
t.Fatal("Expected error for large regex, got nil")
}
if !strings.Contains(err.Error(), "too long") {
t.Errorf("Expected 'too long' error, got: %v", err)
}
}