x/vmware-nsx
Code Issues Proposed changes

Fix hostname regex pattern

Browse Source 
Current hostname_pattern regex complexity grows exponentially
when given a string of just digits, which can be exploited to
cause neutron-server to freeze.

Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
Closes-bug: #1378450
This commit is contained in:
John Perkins 2014-10-06 16:24:57 -05:00 committed by Tristan Cacqueray
parent 3b91568010
commit 33664e472a
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
neutron/api/v2/attributes.py
View File

@ -538,8 +538,8 @@ def convert_to_list(data):
return [data] return [data]
HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]" HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
"{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)") "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
HEX_ELEM = '[0-9A-Fa-f]' HEX_ELEM = '[0-9A-Fa-f]'
UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}', UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',

1
neutron/tests/unit/test_attributes.py
View File

@ -281,6 +281,7 @@ class TestAttributes(base.BaseTestCase):
['www.hostname.com', 'www.hostname.com'], ['www.hostname.com', 'www.hostname.com'],
['77.hostname.com'], ['77.hostname.com'],
['1000.0.0.1'], ['1000.0.0.1'],
['111111111111111111111111111111111111111111111111111111111111'], # noqa
None] None]
for ns in ns_pools: for ns in ns_pools: