3
0
mirror of https://github.com/pragma-/pbot.git synced 2024-11-26 22:09:26 +01:00

Use DFA regex engine on user-supplied regexs to avoid potential denial-of-service attacks

This commit is contained in:
Pragmatic Software 2014-04-28 17:20:01 +00:00
parent b35382109c
commit 595e6a34d2
3 changed files with 4 additions and 2 deletions

View File

@ -753,6 +753,7 @@ sub factchange {
}
my $ret = eval {
use re::engine::RE2;
if(not $factoids->{$channel}->{$trigger}->{action} =~ s|$tochange|$changeto|) {
$self->{pbot}->logger->log("($from) $nick!$user\@$host: failed to change '$trigger' 's$delim$tochange$delim$changeto$delim\n");
return "/msg $nick Change $trigger failed.";

View File

@ -13,8 +13,8 @@ use warnings;
# These are set automatically by the build/commit script
use constant {
BUILD_NAME => "PBot",
BUILD_REVISION => 556,
BUILD_DATE => "2014-04-27",
BUILD_REVISION => 557,
BUILD_DATE => "2014-04-28",
};
1;

View File

@ -524,6 +524,7 @@ if($subcode =~ m/^\s*(?:and\s+)?(run|paste)\s*$/i) {
}
if($#replacements > -1) {
use re::engine::RE2;
@replacements = sort { $a->{'from'} cmp $b->{'from'} or $a->{'modifier'} <=> $b->{'modifier'} } @replacements;
my ($previous_from, $previous_modifier);