Summary: | regexec() stack overflow denial of service | ||
---|---|---|---|
Product: | glibc | Reporter: | Yang Dingning <yangdingning> |
Component: | regex | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | REOPENED --- | ||
Severity: | normal | CC: | bonzini, fweimer |
Priority: | P2 | Flags: | fweimer:
security-
|
Version: | unspecified | ||
Target Milestone: | --- | ||
See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=17070 | ||
Host: | Target: | ||
Build: | Last reconfirmed: |
Description
Yang Dingning
2011-06-16 03:06:50 UTC
This is not really a vulnerability in glibc; in various forms, it is common to pretty much any regular expression engine. In general, applications should not pass to regcomp regular expressions coming from untrusted sources. The glibc implementations ensures that "good" regular expressions, in particular not including very high repetition counts or backreferences, do not cause anomalous stack usage in either regcomp or regexec. This is usually a sufficient guarantee. Back references are impossible to implement efficiently, but the glibc implementation should at least avoid a stack overflow. Flagging as security-, per the documented Security Exceptions for regcomp: https://sourceware.org/glibc/wiki/Security%20Exceptions |