feedc0de/boost_regex
1
0
Fork 0
forked from boostorg/regex
Code Pull Requests Activity

Rework format string protection to be non-throwing.

Browse Source 
Remove old test case, fix up tests to disable testing the new issues on the recursive implementation which will be going soon anyway.
This commit is contained in:
jzmaddock
2024-03-17 16:12:14 +00:00
parent b99ec17c8e
commit ae34d3cfc5
6 changed files with 10 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/boost/regex/v5/regex_format.hpp
View File

@ -201,11 +201,6 @@ OutputIterator basic_regex_formatter<OutputIterator, Results, traits, ForwardIte
template <class OutputIterator, class Results, class traits, class ForwardIter>
void basic_regex_formatter<OutputIterator, Results, traits, ForwardIter>::format_all(unsigned recursion_count)
{
if (recursion_count > BOOST_REGEX_MAX_RECURSION_DEPTH)
{
// We need to protect ourselves from bad format strings used as DOS attacks:
throw std::runtime_error("Excessive recursion in format string, this looks like a deliberately malformed expression.");
}
// over and over:
while(m_position != m_end)
{
@ -224,7 +219,7 @@ void basic_regex_formatter<OutputIterator, Results, traits, ForwardIter>::format
format_escape();
break;
case '(':
if(m_flags & boost::regex_constants::format_all)
if((m_flags & boost::regex_constants::format_all) && (recursion_count < BOOST_REGEX_MAX_RECURSION_DEPTH))
{
++m_position;
bool have_conditional = m_have_conditional;
@ -257,7 +252,7 @@ void basic_regex_formatter<OutputIterator, Results, traits, ForwardIter>::format
++m_position;
break;
case '?':
if(m_flags & boost::regex_constants::format_all)
if((m_flags & boost::regex_constants::format_all) && (recursion_count < BOOST_REGEX_MAX_RECURSION_DEPTH))
{
++m_position;
format_conditional(recursion_count);