[#1347] added check for regex input data size

2025-08-30 21:45:37 +00:00 · 2020-08-10 12:07:29 +03:00
parent a45550cc74
commit 5da84d3b5b
3 changed files with 30 additions and 2 deletions
--- a/src/lib/util/strutil.cc
+++ b/src/lib/util/strutil.cc
@@ -311,6 +311,17 @@ class StringSanitizerImpl {
 public:
    StringSanitizerImpl(const std::string& char_set, const std::string& char_replacement)
        : char_set_(char_set), char_replacement_(char_replacement) {
+        if (char_set.size() > StringSanitizer::MAX_DATA_SIZE) {
+            isc_throw(isc::BadValue, "char set size: '" << char_set.size()
+                      << "' exceeds max size: '"
+                      << StringSanitizer::MAX_DATA_SIZE << "'");
+        }
+
+        if (char_replacement.size() > StringSanitizer::MAX_DATA_SIZE) {
+            isc_throw(isc::BadValue, "char replacement size: '"
+                      << char_replacement.size() << "' exceeds max size: '"
+                      << StringSanitizer::MAX_DATA_SIZE << "'");
+        }
 #ifdef USE_REGEX
        try {
            scrub_exp_ = std::regex(char_set, std::regex::extended);
@@ -405,7 +416,10 @@ public:
    }

 private:
+    /// @brief The char set data for regex.
    std::string char_set_;
+
+    /// @brief The char replacement data for regex.
    std::string char_replacement_;

 #ifdef USE_REGEX
@@ -415,6 +429,8 @@ private:
 #endif
 };

+const uint32_t StringSanitizer::MAX_DATA_SIZE = 4096;
+
 StringSanitizer::StringSanitizer(const std::string& char_set,
                                 const std::string& char_replacement)
    : impl_(new StringSanitizerImpl(char_set, char_replacement)) {
--- a/src/lib/util/strutil.h
+++ b/src/lib/util/strutil.h
@@ -296,7 +296,7 @@ class StringSanitizerImpl;

 /// @brief Implements a regular expression based string scrubber
 ///
-/// The implementation uses C++11 regex IF the environemnt supports it
+/// The implementation uses C++11 regex IF the environment supports it
 /// (tested in configure.ac). If not it falls back to C lib regcomp/regexec.
 /// Older compilers, such as pre Gnu g++ 4.9.0, provided only experimental
 /// implementations of regex which are recognized as buggy.
@@ -332,6 +332,10 @@ public:
    /// @param original the string to scrub
    /// @throw Unexpected if an error occurs during scrubbing
    std::string scrub(const std::string& original);
+
+    /// @brief The maximum size for regex parameters.
+    static const uint32_t MAX_DATA_SIZE;
+
 private:
    /// @brief Pointer to the @c StringSanitizerImpl.
    StringSanitizerImpl* impl_;
--- a/src/lib/util/tests/strutil_unittest.cc
+++ b/src/lib/util/tests/strutil_unittest.cc
@@ -511,7 +511,15 @@ void sanitizeStringTest(
 TEST(StringUtilTest, stringSanitizer) {
    // Bad regular expression should throw.
    StringSanitizerPtr ss;
-    ASSERT_THROW (ss.reset(new StringSanitizer("[bogus-regex","")), BadValue);
+    ASSERT_THROW(ss.reset(new StringSanitizer("[bogus-regex","")), BadValue);
+
+    std::string good_data(StringSanitizer::MAX_DATA_SIZE, '0');
+    std::string bad_data(StringSanitizer::MAX_DATA_SIZE + 1, '0');
+
+    ASSERT_NO_THROW(ss.reset(new StringSanitizer(good_data, good_data)));
+
+    ASSERT_THROW(ss.reset(new StringSanitizer(bad_data, "")), BadValue);
+    ASSERT_THROW(ss.reset(new StringSanitizer("", bad_data)), BadValue);

    // List of invalid chars should work: (b,c,2 are invalid)
    sanitizeStringTest("abc.123", "[b-c2]", "*",