Skip to content

Commit

Permalink
dns: revise quadratic regex in setServers
Browse files Browse the repository at this point in the history 
Problem:
The IPv6 regex was quadratic.
On long malicious input the event loop could block.

The security team did not deem it a security risk,
but said a PR was welcome.

Solution:
Revise the regex to a linear-complexity version.

Tests:
I added REDOS tests to the "oddities" section.

Fixes: #20443
  • Loading branch information
@davisjam
davisjam committed May 31, 2018
1 parent cd73836 commit fc93b59
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/dns.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ function setServers(servers) {
// servers cares won't have any servers available for resolution
const orig = this._handle.getServers();
const newSet = [];
const IPv6RE = /\[(.*)\]/;
const IPv6RE = /^\[([^[\]]*)\]/;
const addrSplitRE = /(^.+?)(?::(\d+))?$/;

servers.forEach((serv) => {
Expand Down
5 changes: 4 additions & 1 deletion test/parallel/test-dns.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,10 @@ assert(existing.length > 0);
' ',
'\n',
'\0',
'1'.repeat(3 * 4)
'1'.repeat(3 * 4),
':'.repeat(100000),
'['.repeat(100000),
'['.repeat(100000) + ']'.repeat(100000) + 'a'
];
invalidServers.forEach((serv) => {
assert.throws(() => dns.setServers([serv]), /TypeError.*ERR_INVALID_IP_ADDRESS/, `Unexpected error thrown for ${serv}`);
Expand Down

0 comments on commit fc93b59

Please sign in to comment.