From: Razvan Becheriu Date: Mon, 10 Aug 2020 09:07:29 +0000 (+0300) Subject: [#1347] added check for regex input data size X-Git-Tag: Kea-1.8.0~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5da84d3b5b10af4b91c6eca807cace0ed482003a;p=thirdparty%2Fkea.git [#1347] added check for regex input data size --- diff --git a/src/lib/util/strutil.cc b/src/lib/util/strutil.cc index b8a8a69edc..eaf32c8c6e 100644 --- a/src/lib/util/strutil.cc +++ b/src/lib/util/strutil.cc @@ -311,6 +311,17 @@ class StringSanitizerImpl { public: StringSanitizerImpl(const std::string& char_set, const std::string& char_replacement) : char_set_(char_set), char_replacement_(char_replacement) { + if (char_set.size() > StringSanitizer::MAX_DATA_SIZE) { + isc_throw(isc::BadValue, "char set size: '" << char_set.size() + << "' exceeds max size: '" + << StringSanitizer::MAX_DATA_SIZE << "'"); + } + + if (char_replacement.size() > StringSanitizer::MAX_DATA_SIZE) { + isc_throw(isc::BadValue, "char replacement size: '" + << char_replacement.size() << "' exceeds max size: '" + << StringSanitizer::MAX_DATA_SIZE << "'"); + } #ifdef USE_REGEX try { scrub_exp_ = std::regex(char_set, std::regex::extended); @@ -405,7 +416,10 @@ public: } private: + /// @brief The char set data for regex. std::string char_set_; + + /// @brief The char replacement data for regex. std::string char_replacement_; #ifdef USE_REGEX @@ -415,6 +429,8 @@ private: #endif }; +const uint32_t StringSanitizer::MAX_DATA_SIZE = 4096; + StringSanitizer::StringSanitizer(const std::string& char_set, const std::string& char_replacement) : impl_(new StringSanitizerImpl(char_set, char_replacement)) { diff --git a/src/lib/util/strutil.h b/src/lib/util/strutil.h index 885f769e77..3ea66b62d8 100644 --- a/src/lib/util/strutil.h +++ b/src/lib/util/strutil.h 
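Review bot: The two size checks added to the `StringSanitizerImpl` constructor bound only the pattern and the replacement; nothing visible in this diff limits the `original` string later handed to `scrub()`, and for a sanitizer that is probably the less trusted input. A 4096-byte pattern can also still be costly to compile or match, so length alone does not cap regex work. If that is intended, say so at the check, e.g. `// Bounds char_set and char_replacement only; scrub() input is not length-checked.`, otherwise apply the same limit (or a separate one) in `scrub()`. Note also that both strings are already copied into `char_set_` and `char_replacement_` by the initializer list before the check runs. The constructor body continues outside the hunk.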
@@ -296,7 +296,7 @@ class StringSanitizerImpl; /// @brief Implements a regular expression based string scrubber /// -/// The implementation uses C++11 regex IF the environemnt supports it +/// The implementation uses C++11 regex IF the environment supports it /// (tested in configure.ac). If not it falls back to C lib regcomp/regexec. /// Older compilers, such as pre Gnu g++ 4.9.0, provided only experimental /// implementations of regex which are recognized as buggy. @@ -332,6 +332,10 @@ public: /// @param original the string to scrub /// @throw Unexpected if an error occurs during scrubbing std::string scrub(const std::string& original); + + /// @brief The maximum size for regex parameters. + static const uint32_t MAX_DATA_SIZE; + private: /// @brief Pointer to the @c StringSanitizerImpl. StringSanitizerImpl* impl_; diff --git a/src/lib/util/tests/strutil_unittest.cc b/src/lib/util/tests/strutil_unittest.cc index 1a84745e66..8b5f78a83c 100644 --- a/src/lib/util/tests/strutil_unittest.cc +++ b/src/lib/util/tests/strutil_unittest.cc @@ -511,7 +511,15 @@ void sanitizeStringTest( TEST(StringUtilTest, stringSanitizer) { // Bad regular expression should throw. StringSanitizerPtr ss; - ASSERT_THROW (ss.reset(new StringSanitizer("[bogus-regex","")), BadValue); + ASSERT_THROW(ss.reset(new StringSanitizer("[bogus-regex","")), BadValue); + + std::string good_data(StringSanitizer::MAX_DATA_SIZE, '0'); + std::string bad_data(StringSanitizer::MAX_DATA_SIZE + 1, '0'); + + ASSERT_NO_THROW(ss.reset(new StringSanitizer(good_data, good_data))); + + ASSERT_THROW(ss.reset(new StringSanitizer(bad_data, "")), BadValue); + ASSERT_THROW(ss.reset(new StringSanitizer("", bad_data)), BadValue); // List of invalid chars should work: (b,c,2 are invalid) sanitizeStringTest("abc.123", "[b-c2]", "*",
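Review bot: The doc comment on `MAX_DATA_SIZE` does not say what is measured or which inputs it applies to. From the strutil.cc part of this commit it is an inclusive byte length enforced on both constructor arguments, so something like `/// @brief Maximum length in bytes (inclusive) accepted for the char_set and char_replacement constructor arguments.` would be more precise. The constructor's own doc block lies outside this hunk; it should presumably mention that `BadValue` is now also thrown for oversized arguments, and that `scrub()` input is not covered by this limit.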
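Review bot: The added boundary assertions exercise construction only; no test calls `scrub()` on the sanitizer built from the `MAX_DATA_SIZE`-long `good_data`, so the largest accepted pattern is never actually matched against anything. Adding one call after the `ASSERT_NO_THROW`, e.g. `EXPECT_NO_THROW(ss->scrub("0000"));`, would show that a maximum-size char set is usable on both the std::regex and the regcomp code paths. This assumes `StringSanitizerPtr` is a smart pointer with `operator->`, which the `ss.reset(...)` calls suggest but the hunk does not show. The test body continues outside the hunk.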