From 595e6a34d22435505aa96a999d73fd11a12c043d Mon Sep 17 00:00:00 2001
From: Pragmatic Software
Date: Mon, 28 Apr 2014 17:20:01 +0000
Subject: [PATCH] Use DFA regex engine on user-supplied regexs to avoid potential denial-of-service attacks
---
 PBot/FactoidCommands.pm | 1 +
 PBot/VERSION.pm | 4 ++--
 modules/compiler_vm/compiler_vm_client.pl | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/PBot/FactoidCommands.pm b/PBot/FactoidCommands.pm
index 0c0db09c..67ab75e3 100644
--- a/PBot/FactoidCommands.pm
+++ b/PBot/FactoidCommands.pm
@@ -753,6 +753,7 @@ sub factchange {
 }
 my $ret = eval {
+ use re::engine::RE2;
 if(not $factoids->{$channel}->{$trigger}->{action} =~ s|$tochange|$changeto|) {
 $self->{pbot}->logger->log("($from) $nick!$user\@$host: failed to change '$trigger' 's$delim$tochange$delim$changeto$delim\n");
 return "/msg $nick Change $trigger failed.";
diff --git a/PBot/VERSION.pm b/PBot/VERSION.pm
index 076c0477..0183f7f6 100644
--- a/PBot/VERSION.pm
+++ b/PBot/VERSION.pm
@@ -13,8 +13,8 @@ use warnings;
 # These are set automatically by the build/commit script
 use constant {
 BUILD_NAME => "PBot",
- BUILD_REVISION => 556,
- BUILD_DATE => "2014-04-27",
+ BUILD_REVISION => 557,
+ BUILD_DATE => "2014-04-28",
 };
 1;
diff --git a/modules/compiler_vm/compiler_vm_client.pl b/modules/compiler_vm/compiler_vm_client.pl
index 7dbfb2ab..1d8daa59 100755
--- a/modules/compiler_vm/compiler_vm_client.pl
+++ b/modules/compiler_vm/compiler_vm_client.pl
@@ -524,6 +524,7 @@ if($subcode =~ m/^\s*(?:and\s+)?(run|paste)\s*$/i) {
 }
 if($#replacements > -1) {
+ use re::engine::RE2;
 @replacements = sort { $a->{'from'} cmp $b->{'from'} or $a->{'modifier'} <=> $b->{'modifier'} } @replacements;
 my ($previous_from, $previous_modifier);
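Review bot: The bare `use re::engine::RE2;` added at the top of the `eval` block in factchange does not by itself guarantee that `$tochange` is matched by RE2. As documented, the module hands any pattern RE2 cannot compile back to Perl's backtracking engine, so the denial-of-service exposure named in the commit subject remains for those patterns. I would write `use re::engine::RE2 -strict => 1;` so that unsupported patterns croak instead of falling back. That croak lands inside this `eval`, whose `$@` handling is outside the hunk and should be checked so the user gets a clear failure message. The same change applies to the `use re::engine::RE2;` added in modules/compiler_vm/compiler_vm_client.pl.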
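Review bot: The pragma added at the top of the `if($#replacements > -1)` block is lexically scoped, so it only covers patterns compiled before that block's closing brace. The substitution that applies the user's `from` text is not visible in this hunk, because the block continues outside it. It is worth confirming that every user-supplied pattern in this script is applied inside this block. A comment on the new line would stop a later refactor from moving the match out of scope, for example `# RE2 (linear-time) for user-supplied replacement patterns; scope ends with this block`.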