fix(auto): limit regex length (#7737)

A very large regex for the auto plugin in the Corefile could cause CoreDNS to OOM. This change adds an artificial limit of 10k characters for the regex pattern. Fixes OSS-Fuzz finding #466745384. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-11 21:05:10 -05:00 · 2025-12-08 03:04:55 +02:00
parent 3c8b846213
commit e5cd796648
3 changed files with 24 additions and 1 deletions
--- a/plugin/auto/README.md
+++ b/plugin/auto/README.md
@@ -27,7 +27,8 @@ are used.
  used to extract the origin. **ORIGIN_TEMPLATE** will be used as a template for the origin. Strings
  like `{<number>}` are replaced with the respective matches in the file name, e.g. `{1}` is the
  first match, `{2}` is the second. The default is: `db\.(.*)  {1}` i.e. from a file with the
-  name `db.example.com`, the extracted origin will be `example.com`.
+  name `db.example.com`, the extracted origin will be `example.com`. **REGEXP** must not be longer
+  than 10000 characters.
 * `reload` interval to perform reloads of zones if SOA version changes and zonefiles. It specifies how often CoreDNS should scan the directory to watch for file removal and addition. Default is one minute.
  Value of `0` means to not scan for changes and reload. eg. `30s` checks zonefile every 30 seconds
  and reloads zone when serial changes.
--- a/plugin/auto/setup.go
+++ b/plugin/auto/setup.go
@@ -18,6 +18,8 @@ import (

 var log = clog.NewWithPlugin("auto")

+const maxRegexpLen = 10000
+
 func init() { plugin.Register("auto", setup) }

 func setup(c *caddy.Controller) error {
@@ -126,6 +128,9 @@ func autoParse(c *caddy.Controller) (Auto, error) {

 				// regexp template
 				if c.NextArg() {
+					if len(c.Val()) > maxRegexpLen {
+						return a, c.Errf("regexp too large")
+					}
 					a.re, err = regexp.Compile(c.Val())
 					if err != nil {
 						return a, err
--- a/plugin/auto/setup_test.go
+++ b/plugin/auto/setup_test.go
@@ -2,6 +2,7 @@ package auto

 import (
 	"fmt"
+	"strings"
 	"testing"
 	"time"

@@ -205,3 +206,19 @@ func TestSetupReload(t *testing.T) {
 		})
 	}
 }
+
+func TestAutoParseLargeRegex(t *testing.T) {
+	largeRegex := strings.Repeat("a", maxRegexpLen+1)
+	config := fmt.Sprintf(`auto {
+        directory /tmp %s {1}
+    }`, largeRegex)
+
+	c := caddy.NewTestController("dns", config)
+	_, err := autoParse(c)
+	if err == nil {
+		t.Fatal("Expected error for large regex, got nil")
+	}
+	if !strings.Contains(err.Error(), "regexp too large") {
+		t.Errorf("Expected 'regexp too large' error, got: %v", err)
+	}
+}