Message314187
I found an issue in the regex (findall, search) function: when searching some content with some pattern, the function takes a very long time to return; match performance is very low.
I think this issue could lead to too low query performance, or an attacker may exploit the issue to cause a denial of service condition.
system: python 2.7.14 regex(2018.2.21)
poc:
import re
pat = r'^(\(?[\w\d\-\.\\]{3,}\|?){1,}[\w\d\-\.\\]{3,}\)?$'
#plaintext content
content = r'(ftp\x3a\x2f\x2f|http\x3a\x2f\x2f|https\x3a\x2f\x2f|c\x3a\x2f\x2f|d\x3a\x2f\x2f|e\x3a\x2f\x2f)a'
result = re.findall(pat, content)
print result

Date | User | Action | Args
2018-03-21 06:28:15 | ghi5107 | set | recipients: + ghi5107, ezio.melotti, mrabarnett
2018-03-21 06:28:15 | ghi5107 | set | messageid: <1521613695.07.0.467229070634.issue33113@psf.upfronthosting.co.za>
2018-03-21 06:28:14 | ghi5107 | link | issue33113 messages
2018-03-21 06:28:14 | ghi5107 | create |
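Added example (not part of the report and not code from the re or regex projects): the slowdown comes from the repeated group being able to split one run of class characters in many ways, and one mitigation is a pattern in which each run has only one possible split. `SAFE_PAT`, `accepts` and `disagreements` are names introduced here; `SAFE_PAT` is a rewrite intended to accept the same strings as the reported pattern, an assumption checked only on short constructed inputs.

```python
import re

C = r'[\w\-.\\]'  # the report's class [\w\d\-\.\\] (\d is already part of \w)

# Pattern from the report. The repeated group can cut one run of class
# characters into >=3-char pieces in many ways; when the match fails, a
# backtracking matcher tries every such split.
REPORTED_PAT = re.compile(r'^(\(?[\w\d\-\.\\]{3,}\|?){1,}[\w\d\-\.\\]{3,}\)?$')

# Rewrite (not from the report): each run is taken by one quantifier and must
# be followed by a delimiter, so there is only one way to split the input.
SAFE_PAT = re.compile(
    r'^\(?(?:'
    + C + r'{6,}'                                  # a single run holds >= 2 pieces
    + r'|' + C + r'{3,}'                           # first of several runs
    + r'(?:(?:\|\(?|\()' + C + r'{3,})*'           # runs after "|", "(" or "|("
    + r'(?:\|' + C + r'{3,}|\|?\(' + C + r'{6,})'  # last run; >= 6 after "("
    + r')\)?$'
)

# Input from the report: the trailing "a" after ")" is what makes the match fail.
POC_CONTENT = (r'(ftp\x3a\x2f\x2f|http\x3a\x2f\x2f|https\x3a\x2f\x2f|'
               r'c\x3a\x2f\x2f|d\x3a\x2f\x2f|e\x3a\x2f\x2f)a')

# Constructed short inputs; REPORTED_PAT is only ever run on short strings here.
SHORT_SAMPLES = ['abcdef', 'abcde', '(abc|def)', 'abc(def', 'abc(defghi)',
                 'abc|(def', 'abc|(defghi', '(abc(def|ghi)', 'abc||def', 'abc|']


def accepts(pattern, text):
    """True if the anchored pattern matches the text."""
    return pattern.match(text) is not None


def disagreements(samples):
    """Inputs on which the two patterns give different verdicts."""
    return [s for s in samples
            if accepts(REPORTED_PAT, s) != accepts(SAFE_PAT, s)]


if __name__ == '__main__':
    print('disagreements on samples:', disagreements(SHORT_SAMPLES))
    print('PoC input accepted by SAFE_PAT:', accepts(SAFE_PAT, POC_CONTENT))
```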