Describe the bug
We use OpenDJ 5.1.0 and one of our fuzzing test is failed for decoding long ACI with repetitive targets in it.
The problem ACI is - (targetscope="&O")(targetscope="&O")(targetscope="&O")...here comes hundreds of repetitive (targetscope="&O")(version 3.0; acl ""; allow (G'$z�?) ; )
The error is:
Caused by: java.lang.StackOverflowError
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$Ques.match(Pattern.java:4410)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
This happens due to Java uses recursive methods for parsing regular expressions. Technically we can try to negotiate it by using possessive quantifiers in regular expression.
The problem is in the first part of aciRegex. Here is synthetic test that reproduces the problem with original regexp and normal execution with adjusted regexp:
String originalRegex = "^\s*(\(\s*(\w+)\s*(!?=)\s*"([^\"]+)"\s*\)\s*)\s";
Pattern.matches(originalRegex, inputAci); <-- This fails with StackOverflowError
String modifiedRegex = "^\s*+(\(\s*+(\w++)\s*+(!?=)\s*+"([^\"]+)"\s*+\)\s*+)+\s+";
boolean res = Pattern.matches(modifiedRegex, inputAci); <-- executes normally
System.out.println("res = " + res);
Can you please validate it and provide resolution?
To Reproduce
Steps to reproduce the behavior:
- Create ACI string as described above
- Call Aci.decode(aciByteString, DN.rootDN())
- Got StackOverflowError
Expected behavior
AciException is expected as ACI is not valid.
Describe the bug
We use OpenDJ 5.1.0 and one of our fuzzing test is failed for decoding long ACI with repetitive targets in it.
The problem ACI is - (targetscope="&O")(targetscope="&O")(targetscope="&O")...here comes hundreds of repetitive (targetscope="&O")(version 3.0; acl ""; allow (G'$z�?) ; )
The error is:
Caused by: java.lang.StackOverflowError
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4470)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:4134)
at java.base/java.util.regex.Pattern$Ques.match(Pattern.java:4410)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:5000)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4969)
at java.base/java.util.regex.Pattern$BmpCharPropertyGreedy.match(Pattern.java:4509)
This happens due to Java uses recursive methods for parsing regular expressions. Technically we can try to negotiate it by using possessive quantifiers in regular expression.
The problem is in the first part of aciRegex. Here is synthetic test that reproduces the problem with original regexp and normal execution with adjusted regexp:
String originalRegex = "^\s*(\(\s*(\w+)\s*(!?=)\s*"([^\"]+)"\s*\)\s*)\s";
Pattern.matches(originalRegex, inputAci); <-- This fails with StackOverflowError
String modifiedRegex = "^\s*+(\(\s*+(\w++)\s*+(!?=)\s*+"([^\"]+)"\s*+\)\s*+)+\s+";
boolean res = Pattern.matches(modifiedRegex, inputAci); <-- executes normally
System.out.println("res = " + res);
Can you please validate it and provide resolution?
To Reproduce
Steps to reproduce the behavior:
Expected behavior
AciException is expected as ACI is not valid.