diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2015-10-02 14:51:58 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2015-10-02 14:51:58 -0400 |
| commit | b63fc28776c5d2efdb4de326ad0f0b5b88f82220 (patch) | |
| tree | 74bf395229d6c60aa24463714340ce1e41fdfc14 /src/backend/regex/regcomp.c | |
| parent | f2c4ffc3307cab6619a28e77da9211416c8b1d83 (diff) | |
| download | postgresql-b63fc28776c5d2efdb4de326ad0f0b5b88f82220.tar.gz postgresql-b63fc28776c5d2efdb4de326ad0f0b5b88f82220.zip | |
Add recursion depth protections to regular expression matching.
Some of the functions in regex compilation and execution recurse, and
therefore could in principle be driven to stack overflow. The Tcl crew
has seen this happen in practice in duptraverse(), though their fix was
to put in a hard-wired limit on the number of recursive levels, which is
not too appetizing --- fortunately, we have enough infrastructure to check
the actually available stack. Greg Stark has also seen it in other places
while fuzz testing on a machine with limited stack space. Let's put guards
in to prevent crashes in all these places.
Since the regex code would leak memory if we simply threw elog(ERROR),
we have to introduce an API that checks for stack depth without throwing
such an error. Fortunately that's not difficult.
Diffstat (limited to 'src/backend/regex/regcomp.c')
| -rw-r--r-- | src/backend/regex/regcomp.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/backend/regex/regcomp.c b/src/backend/regex/regcomp.c index d137ac0d3d1..62f6359e345 100644 --- a/src/backend/regex/regcomp.c +++ b/src/backend/regex/regcomp.c @@ -34,7 +34,7 @@ #include "regex/regguts.h" -#include "miscadmin.h" /* needed by rcancelrequested() */ +#include "miscadmin.h" /* needed by rcancelrequested/rstacktoodeep */ /* * forward declarations, up here so forward datatypes etc. are defined early @@ -70,6 +70,7 @@ static int newlacon(struct vars *, struct state *, struct state *, int); static void freelacons(struct subre *, int); static void rfree(regex_t *); static int rcancelrequested(void); +static int rstacktoodeep(void); #ifdef REG_DEBUG static void dump(regex_t *, FILE *); @@ -152,7 +153,7 @@ static int push(struct nfa *, struct arc *); #define COMPATIBLE 3 /* compatible but not satisfied yet */ static int combine(struct arc *, struct arc *); static void fixempties(struct nfa *, FILE *); -static struct state *emptyreachable(struct state *, struct state *); +static struct state *emptyreachable(struct nfa *, struct state *, struct state *); static void replaceempty(struct nfa *, struct state *, struct state *); static void cleanup(struct nfa *); static void markreachable(struct nfa *, struct state *, struct state *, struct state *); @@ -279,7 +280,8 @@ struct vars /* static function list */ static const struct fns functions = { rfree, /* regfree insides */ - rcancelrequested /* check for cancel request */ + rcancelrequested, /* check for cancel request */ + rstacktoodeep /* check for stack getting dangerously deep */ }; @@ -1626,6 +1628,16 @@ subre(struct vars * v, { struct subre *ret = v->treefree; + /* + * Checking for stack overflow here is sufficient to protect parse() and + * its recursive subroutines. + */ + if (STACK_TOO_DEEP(v->re)) + { + ERR(REG_ETOOBIG); + return NULL; + } + if (ret != NULL) v->treefree = ret->left; else @@ -1938,6 +1950,22 @@ rcancelrequested(void) return InterruptPending && (QueryCancelPending || ProcDiePending); } +/* + * rstacktoodeep - check for stack getting dangerously deep + * + * Return nonzero to fail the operation with error code REG_ETOOBIG, + * zero to keep going + * + * The current implementation is Postgres-specific. If we ever get around + * to splitting the regex code out as a standalone library, there will need + * to be some API to let applications define a callback function for this. + */ +static int +rstacktoodeep(void) +{ + return stack_is_too_deep(); +} + #ifdef REG_DEBUG /* |