Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
diff options
context:
space:
mode:
Diffstat (limited to 'mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs')
-rw-r--r--mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs11
1 files changed, 9 insertions, 2 deletions
diff --git a/mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs b/mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
index 9ce940dcf82..9f3bc32b115 100644
--- a/mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
+++ b/mcs/class/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
@@ -54,6 +54,8 @@ namespace System.Web.UI.WebControls {
}
}
+ // The timeout for regex
+ public int? MatchTimeout { get; set; }
/// <internalonly/>
/// <devdoc>
@@ -87,9 +89,14 @@ namespace System.Web.UI.WebControls {
try {
// we are looking for an exact match, not just a search hit
- Match m = Regex.Match(controlValue, ValidationExpression);
+ // Adding timeout for Regex in case of malicious string causing DoS
+ Match m = RegexUtil.Match(controlValue, ValidationExpression, RegexOptions.None, MatchTimeout);
+
return(m.Success && m.Index == 0 && m.Length == controlValue.Length);
- }
+ }
+ catch (ArgumentOutOfRangeException) {
+ throw;
+ }
catch {
Debug.Fail("Regex error should have been caught in property setter.");
return true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 17:30:51 +0300