New submission from guohui <ghi5...@126.com>:

I found an issue in the regex (findall, search) functions: when searching some content by some pattern, the function takes a long, long time to return, and match performance is very low. I think this issue could lead to too low query performance, or an attacker may exploit the issue to cause a denial of service condition.

system: python 2.7.14 regex(2018.2.21)

poc:

    import re

    pat = r'^(\(?[\w\d\-\.\\]{3,}\|?){1,}[\w\d\-\.\\]{3,}\)?$'
    # plaintext content
    content = r'(ftp\x3a\x2f\x2f|http\x3a\x2f\x2f|https\x3a\x2f\x2f|c\x3a\x2f\x2f|d\x3a\x2f\x2f|e\x3a\x2f\x2f)a'
    result = re.findall(pat, content)
    print result

----------
components: Regular Expressions
files: test_performance.py
messages: 314187
nosy: ezio.melotti, ghi5107, mrabarnett
priority: normal
severity: normal
status: open
title: Query performance is very low and can even lead to denial of service
type: security
versions: Python 2.7

Added file: https://bugs.python.org/file47495/test_performance.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33113>
_______________________________________
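
An added example (Python 3; not part of the original report or of CPython) showing why the reported pattern is slow on the reported input: because the "|" inside the repeated group is optional, one run of class characters can be divided among group iterations in many ways, and split_count / paths_to_failure count them. LINEAR is a rewrite constructed for this example, assumed to accept the same strings while letting no two quantifiers share a run; every name other than the reported pattern and input is hypothetical.

```python
import re
from math import prod

CLS = r'[\w\d\-\.\\]'  # character class copied from the reported pattern
ORIGINAL = r'^(\(?[\w\d\-\.\\]{3,}\|?){1,}[\w\d\-\.\\]{3,}\)?$'  # from the report
# Constructed rewrite (an assumption of this example, not a fix from the tracker):
# separators are mandatory between runs, so each run of CLS characters is
# consumed by a single quantifier and can be divided in only one way.
LINEAR = (r'^\(?(?:X{6,}|X{3,}(?:(?:\|\(?|\()X{3,})*(?:\|X{3,}|\|?\(X{6,}))\)?$'
          .replace('X', CLS))
# Input from the report; the trailing "a" after ")" is what makes the match fail.
POC_CONTENT = (r'(ftp\x3a\x2f\x2f|http\x3a\x2f\x2f|https\x3a\x2f\x2f'
               r'|c\x3a\x2f\x2f|d\x3a\x2f\x2f|e\x3a\x2f\x2f)a')


def split_count(n):
    """Ways to cut a run of n class characters into pieces of length >= 3."""
    ways = [1] + [0] * n
    for length in range(1, n + 1):
        ways[length] = sum(ways[length - piece] for piece in range(3, length + 1))
    return ways[n]


def paths_to_failure(text):
    """Ways ORIGINAL's repeated group can divide the class-character runs in text."""
    runs = [len(r) for r in re.findall(CLS + '+', text) if len(r) >= 3]
    return prod(split_count(n) for n in runs)


def linear_match(text):
    return re.match(LINEAR, text) is not None


def original_match(text):
    # Call only on short or matching input: the report describes POC_CONTENT
    # as taking a very long time with this pattern.
    return re.match(ORIGINAL, text) is not None


if __name__ == '__main__':
    print('run lengths  :', [len(r) for r in re.findall(CLS + '+', POC_CONTENT)])
    print('paths to fail:', paths_to_failure(POC_CONTENT))
    print('LINEAR result:', linear_match(POC_CONTENT))
    for sample in ['ftp|http|https', '(aaa|aaa)', 'aaa(aaaaaa', 'aaaaa']:
        print(sample, original_match(sample), linear_match(sample))
```

Each counted division is a distinct route by which the backtracking matcher reaches the ")" before the trailing "a" and has to reject, which is why the time grows with every extra character in a run.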