Misc.last: add a timeout in --regexp search to prevent various ReDoS attacks

2015-10-01 20:23:11 -07:00 · 2015-10-01 20:23:11 -07:00 · d4a71497c4
parent b64926814b
commit d4a71497c4
1 changed files with 1 additions and 1 deletions
--- a/plugins/Misc/plugin.py
+++ b/plugins/Misc/plugin.py
@ -455,7 +455,7 @@ class Misc(callbacks.Plugin):
                    def f1(s, arg):
                        """Since we can't enqueue match objects into the multiprocessing queue,
                        we'll just wrap the function to return bools."""
-                        if arg.search(s) is not None:
+                        if process(arg.search, s, timeout=0.1) is not None:
                            return True
                        else:
                            return False