bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash regexp parsing would benefit from safe recursion limit

From: Steffen Nurpmeso
Subject: Re: Bash regexp parsing would benefit from safe recursion limit
Date: Thu, 31 Mar 2022 01:48:49 +0200
User-agent: s-nail v14.9.24-229-g94fb1056fb 
Chet Ramey wrote in
 <bbfbaa44-8d6f-cbe3-d0cf-1feeb5685768@case.edu>:
 |On 3/30/22 11:16 AM, willi1337 bald wrote:
 |> Bash Version: 5.1
 |> Patch Level: 16
 |> Release Status: release
 |> 
 |> Description:
 |> 
 |> A deeply nested and incorrect regex expression can cause exhaustion of
 |> stack resources, which crashes the bash process.
 |
 |Bash doesn't use it's own regexp engine; it uses whatever POSIX regexp
 |functions are provided by the C library (regcomp/regexec/regfree/regerror).

Once there was that ???FTP CVE regarding recursion, what they did
was simply counting *'s in the expression string, and restricting
it to three occasions per expression.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]