PostgreSQL, TCL, and others: a Critical bug in the RE engine. Possible vulnerability

Want to draw the attention of abrasheva the possible "vulnerability" in TCL, PostgreSQL, and theoretically in some other systems using modules regular expressions or NFA utility, originally written by Henry Spencer (Henry Spencer). The modified source code, you can find hundreds (at the same Sun Microsystems, UUNET, etc.). And although I don't think there is a bug initially with the distant ' 90s, though, because the code where this error occurs I have Henry, in his old sources not found, test your system still stands.

And so error: it busyloop at compile regular expression of the form ((((( x)*)*)*)*)*. And it is not execution, but compiling, i.e. if there is a check of the validity of the regular season and it is based on the same code NFA have the same infinite loop + 100% cpu usage.

Error found colleagues on the opensource project TCL in all its current versions (including develop). Knowing that Postgres uses a similar API, it was easy to discover that the feeding of this regular expression Postgres leads to a complete hang of the flow (process) fulfills the request.

Error occurs in this group only five or more procedure nesting — i.e., four investment groups are correctly compiled and executed.

Example for PostgreSQL:
the 
postgres=# select 1 where 'x'~'(((( x)*)*)*)*';
?column?
----------
1
(1 row)
postgres=# select 1 where 'x'~'((((( x)*)*)*)*)*';
!busyloop!

Example for TCL:
the 
% regexp -about {(((( x)*)*)*)*}
4 REG_UEMPTYMATCH
% regexp -about {((((( x)*)*)*)*)*}
!busyloop!

Because this error leads to a locked thread at 100% busy, and due to the fact that there are already bug reports (which, incidentally, is very active shtudiruyutsya hackers and script-kiddis), until the search and will not be released bug fix, I recommend checking out their projects (products) and in the case of a positive result, footcloth the possibility of generating such regular expressions, or regexps foreign input at all.

Today twice dropped in this way, the bug tracker a friend of mine, and then hearing first swearing, then what in the logs could not see anything (the argument post disconnected in the log), I heard the same thanks. Because, forewarned, forearmed.

Of proven vulnerable:
TCL 8.4, 8.5, 8.6 FAILED.
PostgreSQL 8.4, 9.1 FAILED.

do Not subject error:
Python 2.5.2 and 2.7 OK.
UPD: PostgreSQL 9.2.3 OK. (according to the comments of the SW. ' starius).
UPD: PostgreSQL 9.2.1, 9.2.2-2 — OK. (thanks to catlion and sdevalex).
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Car navigation in detail

Изображение
This article is for those who are going in the near future to buy a car Navigator, but lacks information. For example, a typical Navigator Lexand Si-515 Pro HD I will try to elaborate what is now proposed on the market such devices. Also describe the impressions of three of the tested navigation systems, one of which passed in June, about three thousand kilometres through two countries. And at the end of the article will result in a large comparative table 23 current models of navigators Lexand, to show what can be possible in these devices. The choice of now is large enough. Prices and performance, thanks to competition, differ not so strongly. Typically, when buying are interested in the reliability and usability of the device. The functionality and relevance of the cards of 100% define the installed navigation system. It is therefore very important to be able to update it easily, and even better if you can run several different. the Characteristics and sp
Далее...

PostgreSQL: Analytics for DBA

Many users of PostgreSQL know that the server at the time of their work collects a variety of statistics, but not everyone knows that it is useful to analyze and how to extract it. This small Toolkit collected some useful queries that give some idea about how to use this "hidden knowledge", which constantly accumulates. These queries can be used to monitor the status of PostgreSQL (manually or with plugins for monitoring systems like Nagios, Cacti or Zabbix), to search for bottlenecks in the server and many other similar tasks. Remember that this is only the tip of the iceberg; in the documentation you can find descriptions of several dozen system ideas that can also be useful for the PostgreSQL administrator. For correct work need to enable Toolkit options stats_block_level and stats_row_level in postgresql.conf and set the parameter of stats_reset_on_server_start in its sole discretion. If each time you restart the PostgreSQL server you change some important configu
Далее...

Google has launched an online training course advanced search

Изображение
/ > As planned Google today launched training the advanced search. I just received the e-mail. the text of the letter (in English) We're excited to launch the first class of Power Searching with Google! Get started by taking a pre-class assessment and studying the material in the first class: www.powersearchingwithgoogle.com Class 1 available Class 2 available July 11 Class 3 and mid-class assessment available July 12 Hangout on Air with search experts July 13 1:00-1:45pm PDT (add to calendar) Submit questions for search experts: www.google.com/moderator/#16/e=2004ad Mid-class assessment due July 17 at 7:59am PDT (add to calendar) Classes 4-6 available July 17-19 Hangout on Air with search experts July 19 11:00-11:45am PDT (add to calendar) Post-class assessment due July 23 at 4:59pm PDT (add to calendar) Need help? Please join the course staff in the course forum and follow our Google+ page for additional exercises, tips, and tricks!
Далее...