Message 132048 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	complex
Recipients	complex
Date	2011-03-24.22:29:03
SpamBayes Score	3.813838e-12
Marked as misclassified	No
Message-id	<1301005743.88.0.293616308721.issue11665@psf.upfronthosting.co.za>
In-reply-to

Content
Finding all matches of a expression freezes: {{{ fviktor@sirius:~$ python3.2 Python 3.2 (r32:88445, Mar 8 2011, 01:24:57) [GCC 4.4.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import re >>> text = '\\ = 0) & (lag < 1000) & (registered = 1) & !computer & (autocolor = 0) &' >>> rx = re.compile(r'(<(?:(?:[^<>])\|(?:"[^"]"))>)') >>> rx.findall(text) It freezes at this point with 100% CPU load. So I pressed Ctrl-C to break it, which works: ^CTraceback (most recent call last): File "<stdin>", line 1, in <module> KeyboardInterrupt >>> }}} It is freezing on Python 2.6.6 as well, so it seems to be an old issue just (re)discovered. The regexp is ugly, I know. It can be written much simpler (r'(<.?>\|".*?")'), which is working fine. But this issue points out a possible vulnerability: DOS attack due to freezing a Python application utilizing an affected regexp to parse user input. I wasn't able to narrow down it further, but this issue is also depending on the text parsed, not only on the regexp pattern itself.

Finding all matches of a expression freezes:

{{{
fviktor@sirius:~$ python3.2
Python 3.2 (r32:88445, Mar  8 2011, 01:24:57) 
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import re
>>> text = '\\   = 0) & (lag < 1000) & (registered = 1) & !computer & (autocolor = 0) &'
>>> rx = re.compile(r'(<(?:(?:[^<>]*)|(?:"[^"]*"))*>)')
>>> rx.findall(text)

It freezes at this point with 100% CPU load. So I pressed Ctrl-C to break it, which works:

^CTraceback (most recent call last):
  File "<stdin>", line 1, in <module>
KeyboardInterrupt
>>> 
}}}

It is freezing on Python 2.6.6 as well, so it seems to be an old issue just (re)discovered.

The regexp is ugly, I know. It can be written much simpler (r'(<.*?>|".*?")'), which is working fine. But this issue points out a possible vulnerability: DOS attack due to freezing a Python application utilizing an affected regexp to parse user input.

I wasn't able to narrow down it further, but this issue is also depending on the text parsed, not only on the regexp pattern itself.

History
Date	User	Action	Args
2011-03-24 22:29:03	complex	set	recipients: + complex
2011-03-24 22:29:03	complex	set	messageid: <1301005743.88.0.293616308721.issue11665@psf.upfronthosting.co.za>
2011-03-24 22:29:03	complex	link	issue11665 messages
2011-03-24 22:29:03	complex	create