Vulnerable Regular Expression

[cristianstaicu]

The following regular expression introduced for validating the hostname is vulnerable to ReDoS:

/^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]).)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$/

The slowdown is very serious: for 40 characters around 5 seconds matching time. I would suggest one of the following:

• remove the regex,
• limit the number of characters that can be matched by the repetition,
• limit the input size.

Moreover, the regular expression allows validation bypassing and hence arbitrary command execution!!!

If needed, I can provide an actual example showing the slowdown or the validation bypass.

[skoranga]

@cristianstaicu, thanks for sharing the concern. Yes can you share the example. I can bake it as a test case.

[evilpacket]

@cristianstaicu did you provide @skoranga with a proof of concept yet?

[huntr-helper]

‎‍🛠️ A fix has been provided for this issue. Please reference: 418sec#1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.

[evilpacket]

Would it be possible to get a security advisory created for this? Only maintainers on the repo can draft it otherwise I'd help. Instructions can be found here https://docs.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory