[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash regexp parsing would benefit from safe recursion limit
From: |
Chet Ramey |
Subject: |
Re: Bash regexp parsing would benefit from safe recursion limit |
Date: |
Thu, 31 Mar 2022 11:44:41 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 |
On 3/30/22 7:48 PM, Steffen Nurpmeso wrote:
Chet Ramey wrote in
<bbfbaa44-8d6f-cbe3-d0cf-1feeb5685768@case.edu>:
|On 3/30/22 11:16 AM, willi1337 bald wrote:
|> Bash Version: 5.1
|> Patch Level: 16
|> Release Status: release
|>
|> Description:
|>
|> A deeply nested and incorrect regex expression can cause exhaustion of
|> stack resources, which crashes the bash process.
|
|Bash doesn't use it's own regexp engine; it uses whatever POSIX regexp
|functions are provided by the C library (regcomp/regexec/regfree/regerror).
Once there was that ???FTP CVE regarding recursion, what they did
was simply counting *'s in the expression string, and restricting
it to three occasions per expression.
That seems arbitrary and limiting. I'd rather see any `fix' for this kind
of incorrect regexp come in the library functions themselves.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/