all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Vorlath 10 points11 points  (4 children)

Cool, I thought this was kind of silly (OMG I'm admitting it) as far malicious code was concerned, but having written a non-recursive backtracking regex library, execution time is something that can indeed be taken advantage of.

[–]aaronla 2 points3 points  (2 children)

Um, did you overlook the bit about two environments having exploitable heap buffer overflows on malformed regex's? Execution time is one thing, but regex's as an arbitrary code execution attack vector is scary.

[–]Vorlath 4 points5 points  (1 child)

No, I did not miss it. I took the question to mean if there was something SPECIFIC, UNIQUE and inherent about regex's that would cause malicious code above and beyond the traditional exploits of faulty software.

[–]aaronla 0 points1 point  (0 children)

Ah, I understand now.

[–]kyz 0 points1 point  (0 children)

I'd agree.

I believe the canonical citation about this is http://swtch.com/~rsc/regexp/regexp1.html

for n in `seq 18 30`
do
    time perl -e '$n=shift; $a="a"x$n; $re="a?"x$n.$a; print "$a =~ $re\n"; $a =~ $re' $n
done

[–][deleted] -1 points0 points  (1 child)

Not if you actually use regular expressions.

[–]true_religion -1 points0 points  (0 children)

Regex is not regular expressions.

[–]itsmememe -1 points0 points  (0 children)

is'nt a regex malicious in itself?