Catastrophic backtracking in SquidConfLexer #2191

Closed
jeanas opened this issue Jul 16, 2022 · 2 comments · Fixed by #2583
jeanas (Contributor) commented Jul 16, 2022

The CI run https://github.com/pygments/pygments/runs/7368863507?check_suite_focus=true timed out in test_random_input for SquidConfLexer.

The offending regex is very likely

    ip_re = (
        r'(?:(?:(?:[3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2}|0x0*[0-9a-f]{1,2}|'
        r'0+[1-3]?[0-7]{0,2})(?:\.(?:[3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2}|'
        r'0x0*[0-9a-f]{1,2}|0+[1-3]?[0-7]{0,2})){3})|(?!.*::.*::)(?:(?!:)|'
        r':(?=:))(?:[0-9a-f]{0,4}(?:(?<=::)|(?<!::):)){6}(?:[0-9a-f]{0,4}'
        r'(?:(?<=::)|(?<!::):)[0-9a-f]{0,4}(?:(?<=::)|(?<!:)|(?<=:)(?<!::):)|'
        r'(?:25[0-4]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-4]|2[0-4]\d|1\d\d|'
        r'[1-9]?\d)){3}))'
    )

I'm pretty eager to dissect that!!

jeanas self-assigned this Jul 16, 2022

birkenfeld (Member) commented:

This can probably also be simplified a lot. We don't need to verify the 0-255 range for octets, for example.

Anteru (Collaborator) commented Nov 17, 2023

Closed via #2583
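
The simplification suggested in the thread, sketched as an added example; it is not Pygments code and not the change merged in #2583. `SIMPLE_IPV4`, `SIMPLE_IPV6`, `SIMPLE_IP_RE` and the helper names are assumptions made here, and the time-budget check mimics the spirit of `test_random_input` on constructed inputs.

```python
import random
import re
import time

# Assumed simplification, not the change merged in #2583: no 0-255 range
# checks and no lookarounds. Every repeated group starts with a literal
# '.' or ':', and the longest possible match is 39 characters, so the work
# done at each start position is bounded.
SIMPLE_IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'
SIMPLE_IPV6 = r'[0-9a-f]{0,4}(?::[0-9a-f]{0,4}){2,7}'
SIMPLE_IP_RE = re.compile(r'(?:%s)|(?:%s)' % (SIMPLE_IPV4, SIMPLE_IPV6),
                          re.IGNORECASE)


def ip_tokens(text):
    """Return every substring the simplified pattern would highlight."""
    return [m.group(0) for m in SIMPLE_IP_RE.finditer(text)]


def scan_seconds(pattern, text):
    """Time a lexer-style scan: attempt a match at every offset of text."""
    start = time.perf_counter()
    for pos in range(len(text)):
        pattern.match(text, pos)
    return time.perf_counter() - start


def constructed_inputs(length, seed=0):
    """Constructed stress inputs: IP-alphabet noise plus repetitive runs."""
    rng = random.Random(seed)
    noise = ''.join(rng.choice('0123456789abcdefx.: ') for _ in range(length))
    return [noise, '0' * length, ':' * length,
            'a:' * (length // 2), '1.' * (length // 2)]


def within_budget(pattern, length=20000, budget=2.0):
    """True if every constructed input is scanned within budget seconds."""
    return all(scan_seconds(pattern, s) < budget
               for s in constructed_inputs(length))


if __name__ == '__main__':
    print(ip_tokens('acl lan src 192.168.0.1 fe80::1 ::1'))
    print(within_budget(SIMPLE_IP_RE))
```

The pattern accepts strings that are not valid addresses (for example `999.999.999.999`), which is the trade-off of dropping validation in a highlighter.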
