ietf-mta-filters
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Possible RegEx security problem.

2000-09-07 09:48:27
from [Nigel Swinson] [Permanent Link] 
Hi folks,

In draft-murchison-sieve-regex-02.txt it says

    Security considerations are discussed in [SIEVE].  It is believed
    that this extension doesn't introduce any additional security
    concerns.

What if I write a regular expresssion that may be utterly meaningless, but
processor hungry.  Could we not potentially crash the server as it tries to
match this against part (or all) of the message?

I bring this up as I have just been working with a WIN32 RegEx
implementation that freezes up if you type in the regular expression

  (.*)*

I'd rather not have a user type in this as a regular expression and freeze
up my mail server!

Is this a potential security problem, or have I just had a bad experience
with a bad RegEx implementation?

Nigel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  (re)Opening a can of worms, JT Traub
Next by Date:  Re: Possible RegEx security problem., Tony Hansen
Previous by Thread:  (re)Opening a can of worms, JT Traub
Next by Thread:  Re: Possible RegEx security problem., Tony Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]