Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-01-12 20:01:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(plugins): add regex length limit (#7802)

Browse Source
This commit is contained in:
Ville Vesilehto
2026-01-05 19:48:48 +02:00
committed by GitHub
parent adba778626
commit b723bd94d4
15 changed files with 117 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugin/template/setup.go
View File

@@ -13,6 +13,10 @@ import (
"github.com/miekg/dns"
)
// maxRegexpLen is a hard limit on the length of a regex pattern to prevent
// OOM during regex compilation with malicious input.
const maxRegexpLen = 10000
func init() { plugin.Register("template", setupTemplate) }
func setupTemplate(c *caddy.Controller) error {
@@ -67,6 +71,9 @@ func templateParse(c *caddy.Controller) (handler Handler, err error) {
return handler, c.ArgErr()
}
for _, regex := range args {
if len(regex) > maxRegexpLen {
return handler, c.Errf("regex pattern too long: %d > %d", len(regex), maxRegexpLen)
}
r, err := regexp.Compile(regex)
if err != nil {
return handler, c.Errf("could not parse regex: %s, %v", regex, err)