Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-01-17 22:31:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(plugins): add regex length limit (#7802)

Browse Source
This commit is contained in:
Ville Vesilehto
2026-01-05 19:48:48 +02:00
committed by GitHub
parent adba778626
commit b723bd94d4
15 changed files with 117 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugin/rewrite/name.go
View File

@@ -13,6 +13,10 @@ import (
"github.com/miekg/dns"
)
// maxRegexpLen is a hard limit on the length of a regex pattern to prevent
// OOM during regex compilation with malicious input.
const maxRegexpLen = 10000
// stringRewriter rewrites a string
type stringRewriter interface {
rewriteString(src string) string
@@ -438,6 +442,9 @@ func getSubExprUsage(s string) int {
// isValidRegexPattern returns a regular expression for pattern matching or errors, if any.
func isValidRegexPattern(rewriteFrom, rewriteTo string) (*regexp.Regexp, error) {
if len(rewriteFrom) > maxRegexpLen {
return nil, fmt.Errorf("regex pattern too long: %d > %d", len(rewriteFrom), maxRegexpLen)
}
rewriteFromPattern, err := regexp.Compile(rewriteFrom)
if err != nil {
return nil, fmt.Errorf("invalid regex matching pattern: %s", rewriteFrom)