diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2020-11-09 12:40:17 +0000 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2020-11-09 13:05:39 +0000 |
commit | c5f6629f4ac28582895a11a57fd1163b359c256f (patch) | |
tree | 7c753977a83fe4c2462ca07016df697d64b577c6 /contrib/epee/include/net/net_parse_helpers.h | |
parent | Merge pull request #6902 (diff) | |
download | monero-c5f6629f4ac28582895a11a57fd1163b359c256f.tar.xz |
epee: tighten the URL parsing regexp a little
fixes massive amounts of time spent on pathological inputs
Found by OSS-Fuzz
Diffstat (limited to 'contrib/epee/include/net/net_parse_helpers.h')
-rw-r--r-- | contrib/epee/include/net/net_parse_helpers.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/contrib/epee/include/net/net_parse_helpers.h b/contrib/epee/include/net/net_parse_helpers.h index 1d156d19c..cf637ba1d 100644 --- a/contrib/epee/include/net/net_parse_helpers.h +++ b/contrib/epee/include/net/net_parse_helpers.h @@ -131,8 +131,8 @@ namespace net_utils inline bool parse_url_ipv6(const std::string url_str, http::url_content& content) { - STATIC_REGEXP_EXPR_1(rexp_match_uri, "^((.*?)://)?(\\[(.*)\\](:(\\d+))?)(.*)?", boost::regex::icase | boost::regex::normal); - // 12 3 4 5 6 7 + STATIC_REGEXP_EXPR_1(rexp_match_uri, "^(([^:]*?)://)?(\\[(.*)\\](:(\\d+))?)(.*)?", boost::regex::icase | boost::regex::normal); + // 12 3 4 5 6 7 content.port = 0; boost::smatch result; @@ -175,8 +175,8 @@ namespace net_utils ///iframe_test.html?api_url=http://api.vk.com/api.php&api_id=3289090&api_settings=1&viewer_id=562964060&viewer_type=0&sid=0aad8d1c5713130f9ca0076f2b7b47e532877424961367d81e7fa92455f069be7e21bc3193cbd0be11895&secret=368ebbc0ef&access_token=668bc03f43981d883f73876ffff4aa8564254b359cc745dfa1b3cde7bdab2e94105d8f6d8250717569c0a7&user_id=0&group_id=0&is_app_user=1&auth_key=d2f7a895ca5ff3fdb2a2a8ae23fe679a&language=0&parent_language=0&ad_info=ElsdCQBaQlxiAQRdFUVUXiN2AVBzBx5pU1BXIgZUJlIEAWcgAUoLQg==&referrer=unknown&lc_name=9834b6a3&hash= //STATIC_REGEXP_EXPR_1(rexp_match_uri, "^([^?#]*)(\\?([^#]*))?(#(.*))?", boost::regex::icase | boost::regex::normal); - STATIC_REGEXP_EXPR_1(rexp_match_uri, "^((.*?)://)?(([^/:]*)(:(\\d+))?)(.*)?", boost::regex::icase | boost::regex::normal); - // 12 34 5 6 7 + STATIC_REGEXP_EXPR_1(rexp_match_uri, "^(([^:]*?)://)?(([^/:]*)(:(\\d+))?)(.*)?", boost::regex::icase | boost::regex::normal); + // 12 34 5 6 7 content.port = 0; boost::smatch result; if(!(boost::regex_search(url_str, result, rexp_match_uri, boost::match_default) && result[0].matched)) |