Re: Multiple DoS parsing and executing extended regex expressions in GNU libc

[Jakub Wilk <jwilk () jwilk net>]

* Gustavo Grieco <gustavo.grieco () gmail com>, 2017-02-09, 14:24:
> We found a few extended regex expressions in GNU libc that will crash or abort 
> the execution of regcomp or regexec. For instance:
>
> \a?{1,32767}
>
> will immediately exhaust the stack calling calc_eclosure_iter in the 
> compilation.

FWIW, glibc's policy seems to be that DoS via crafted regexp is not considered 
a security problem: https://sourceware.org/glibc/wiki/Security%20Exceptions

"[...] resource exhaustion issues which can be triggered only with crafted 
patterns (either during compilation or execution) are not treated as security 
bugs. (This does not mean we do not intend to fix such issues as regular bugs 
if possible.)

However, during execution, crashes, infinite loops, buffer overflows and 
reading past buffers (read-only buffer overruns), memory leaks and other, 
similar bugs should be treated as security vulnerabilities, assuming that the 
pattern is trusted and reasonably structured."

--
Jakub Wilk