authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 10:43:03 +0300
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-08-26 10:43:03 +0300
commita9ff1532818814fd9645fa8c673b3018ea1f91c6 (patch)
treeb2c6030db514e94e281a1715ab9c5845a7f30825 /lib
parent71636fed6e048b41cc595871bea412d6e75c56ea (diff)
parentdcae7fab92a93f3750831b4e70e9b61d3c064b83 (diff)
Merge branch 'security-61974-limit-issue-comment-size-12-1' into '12-1-stable'
Limit the size of issuable descriptions and comments. See merge request gitlab/gitlabhq!3271
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/database.rb4
-rw-r--r--lib/gitlab/path_regex.rb2
2 files changed, 5 insertions, 1 deletions
diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb
index 3e4c720b49a..0cb79e4efeb 100644
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
@@ -13,6 +13,10 @@ module Gitlab
# https://dev.mysql.com/doc/refman/5.7/en/datetime.html
MAX_TIMESTAMP_VALUE = Time.at((1 << 31) - 1).freeze
+ # The maximum number of characters for text fields, to avoid DoS attacks via parsing huge text fields
+ # https://gitlab.com/gitlab-org/gitlab-ce/issues/61974
+ MAX_TEXT_SIZE_LIMIT = 1_000_000
+
# Minimum schema version from which migrations are supported
# Migrations before this version may have been removed
MIN_SCHEMA_VERSION = 20190506135400
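Review bot: The comment on the new `MAX_TEXT_SIZE_LIMIT` says "characters", but the hunk does not say whether the bound is applied as a character count or a byte count, and for multibyte UTF-8 input a field of 1,000,000 characters can be several times that many bytes, which is what matters for the parsing-cost concern the comment cites. Since this diff is limited to lib/, the enforcement site is not visible here, so the constant's comment is the only place a reader can learn the unit. Suggest making it explicit, e.g. `# Upper bound on the length of text fields, counted in characters (byte size may be up to 4x for UTF-8); used to keep parsing of huge fields bounded`, and keeping the issue link beneath it. The enclosing `module Gitlab` / `Database` definition starts before the hunk.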
diff --git a/lib/gitlab/path_regex.rb b/lib/gitlab/path_regex.rb
index a13b3f9e069..98a565973c5 100644
--- a/lib/gitlab/path_regex.rb
+++ b/lib/gitlab/path_regex.rb
@@ -132,7 +132,7 @@ module Gitlab
NO_SUFFIX_REGEX = /(?<!\.git|\.atom)/.freeze
NAMESPACE_FORMAT_REGEX = /(?:#{NAMESPACE_FORMAT_REGEX_JS})#{NO_SUFFIX_REGEX}/.freeze
PROJECT_PATH_FORMAT_REGEX = /(?:#{PATH_REGEX_STR})#{NO_SUFFIX_REGEX}/.freeze
- FULL_NAMESPACE_FORMAT_REGEX = %r{(#{NAMESPACE_FORMAT_REGEX}/)*#{NAMESPACE_FORMAT_REGEX}}.freeze
+ FULL_NAMESPACE_FORMAT_REGEX = %r{(#{NAMESPACE_FORMAT_REGEX}/){,#{Namespace::NUMBER_OF_ANCESTORS_ALLOWED}}#{NAMESPACE_FORMAT_REGEX}}.freeze
def root_namespace_route_regex
@root_namespace_route_regex ||= begin
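Review bot: The bounded quantifier `{,#{Namespace::NUMBER_OF_ANCESTORS_ALLOWED}}` on `FULL_NAMESPACE_FORMAT_REGEX` has no comment explaining why the repetition is capped, and it introduces a load-time reference from `lib/gitlab/path_regex.rb` to a constant on the `Namespace` model, so the model must be loadable wherever this file is required. `{,n}` is Onigmo shorthand for `{0,n}`; JavaScript treats `{,n}` as a literal, so if this regex is ever mirrored to the frontend the way `NAMESPACE_FORMAT_REGEX_JS` is, writing it as `{0,#{Namespace::NUMBER_OF_ANCESTORS_ALLOWED}}` avoids a silent divergence. Suggest that spelling plus a comment such as `# Capped at the nesting depth the application permits so the route regex cannot accept deeper paths than the model does, and so backtracking on long paths stays bounded`. The enclosing `module Gitlab` scope starts before the hunk and `root_namespace_route_regex` continues past it.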