[Top] [All Lists]

Possible RegEx security problem.

2000-09-07 09:48:27
Hi folks,

In draft-murchison-sieve-regex-02.txt it says

    Security considerations are discussed in [SIEVE].  It is believed
    that this extension doesn't introduce any additional security

What if I write a regular expresssion that may be utterly meaningless, but
processor hungry.  Could we not potentially crash the server as it tries to
match this against part (or all) of the message?

I bring this up as I have just been working with a WIN32 RegEx
implementation that freezes up if you type in the regular expression


I'd rather not have a user type in this as a regular expression and freeze
up my mail server!

Is this a potential security problem, or have I just had a bad experience
with a bad RegEx implementation?


<Prev in Thread] Current Thread [Next in Thread>