Stack overflow when validating big base64 strings #502
Comments
|
Can you paste a snippet of the code you're running? The function is a simple non-recursive one so can't cause a stack overflow. |
|
Indeed the code is not recursive you are right. The recursion is in |
|
If there's excessive back-tracking (ReDoS) then your app will hang rather than fail with a stack overflow. Can you paste the string you're trying to validate? |
|
Not sure github will allow me to paste this amount of data. I'll make a gist in a minute |
|
What's the length of the base64 string? |
|
more than 5mb |
|
I'm assuming the base64 string was not valid? The regular expression we use is: /^(?:[A-Z0-9+\/]{4})*(?:[A-Z0-9+\/]{2}==|[A-Z0-9+\/]{3}=|[A-Z0-9+\/]{4})$/iIf an equals sign is found somewhere before the end, or the last few characters are not valid, then the regex would have to backtrack. I haven't seen a stack overflow before though. |
|
The base64 is valid. Maybe not using a regex for validation for long strings would be better ? |
|
Happy to accept a PR 😄 Validating 5MB strings isn't the typical case. |
|
I understand it's not the typical case. Maybe this encoding is not suited for this amount of data |
|
In the mean time you can use this workaround (assuming you're using node): validator.extend('isBase64', function (str) {
return str === new Buffer(str, 'base64').toString('base64');
}); |
|
@GuillaumeLeclerc could you try #503? |
|
Yes I'll try today if I have some time |
|
Thank you ! |
Hello,
I'm facing a stack overflow when validating a base64 string. Do you think we could make validation asynchronous and use timeouts to clear the stack ?
Thank you
The text was updated successfully, but these errors were encountered: