Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix reachTemplate() regex timing #371

Merged
merged 1 commit into from Sep 27, 2021
Merged

Fix reachTemplate() regex timing #371

merged 1 commit into from Sep 27, 2021

Conversation

devinivy
Copy link
Member

This fixes an issue where the template argument of reachTemplate() can run in quadratic time based on its length for certain inputs. Many thanks to @ready-research for the find and disclosure, and to @nlf for the proposed fix.

@devinivy devinivy added bug Bug or defect security Issue with security impact labels Sep 27, 2021
@devinivy devinivy added this to the 9.2.1 milestone Sep 27, 2021
Nargonath
Nargonath approved these changes Sep 27, 2021
View reviewed changes
Copy link
Member

@Nargonath Nargonath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done @devinivy for the implementation of @nlf solution.

@devinivy devinivy merged commit 82504b7 into master Sep 27, 2021
@devinivy devinivy deleted the reach-tpl-timing branch September 27, 2021 20:56
@devinivy devinivy self-assigned this Sep 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geek geek geek approved these changes

@Nargonath Nargonath Nargonath approved these changes

@lloydbenson lloydbenson lloydbenson approved these changes

Assignees

@devinivy devinivy

Labels
bug Bug or defect security Issue with security impact
Projects
None yet
Milestone
9.2.1
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@devinivy @geek @Nargonath @lloydbenson