Date: Sun, 4 May 2014 03:00:00 GMT From: Pedro Giffuni <pfg@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/169302: [libc] [patch] Applied MidnightBSD regex memory consumption limits Message-ID: <201405040300.s44300eP038643@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/169302; it has been noted by GNATS. From: Pedro Giffuni <pfg@freebsd.org> To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>, "zblacher@sandvine.com" <zblacher@sandvine.com> Cc: Subject: Re: kern/169302: [libc] [patch] Applied MidnightBSD regex memory consumption limits Date: Sat, 3 May 2014 19:54:04 -0700 (PDT) ---1130188905-1388205096-1399172044=:87984 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Nice!=0AThe patch doesn't apply cleanly but it seems related to this commit= in NetBSD:=0A=0A"Prevent regcomp/regexec DoS attacks by limiting the amoun= t of memory used=0Aand the level of recursion. Thanks to Maksymilian Arciem= owicz for discovery=0Aand help with the implementation."=0A=0Ahttp://cvsweb= .netbsd.org/bsdweb.cgi/src/lib/libc/regex/regcomp.c.diff?r1=3D1.29&r2=3D1.3= 0&only_with_tag=3DMAIN=0A ---1130188905-1388205096-1399172044=:87984 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"color:#000; background-color:#fff; font-family:He= lveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;fo= nt-size:12pt"><div style=3D"" class=3D"">Nice!</div><div style=3D"" class= =3D"">The patch doesn't apply cleanly but it seems related to this commit i= n NetBSD:</div><div style=3D"" class=3D""><br style=3D"" class=3D""></div><= div class=3D"" style=3D"color: rgb(0, 0, 0); font-size: 16px; font-family: = HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; back= ground-color: transparent; font-style: normal">"Prevent regcomp/regexec DoS= attacks by limiting the amount of memory used<br style=3D"" class=3D"">and= the level of recursion. Thanks to Maksymilian Arciemowicz for discovery<br= style=3D"" class=3D"">and help with the implementation."</div><div class= =3D"" style=3D"color: rgb(0, 0, 0); font-size: 16px; font-family: Helvetica= Neue,Helvetica Neue,Helvetica,Arial,Lucida Grande,Sans-Serif; background-co= lor: transparent; font-style: normal"><br style=3D"" class=3D""></div><div class=3D"" style=3D"color: rg= b(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helv= etica,Arial,Lucida Grande,Sans-Serif; background-color: transparent; font-s= tyle: normal">http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/regex/regcom= p.c.diff?r1=3D1.29&r2=3D1.30&only_with_tag=3DMAIN<br style=3D"" cla= ss=3D""></div></div></body></html> ---1130188905-1388205096-1399172044=:87984--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405040300.s44300eP038643>