Prevent potential ReDoS attack
Although the logic is used to parse a config value, it'd be better to eliminate a risk. Change-Id: I9ef3fedf9d23f8ca8f87a63a55f1f90e5b07d2f1
This commit is contained in:
parent
7bb43bbbd5
commit
29d1ab7c9f
|
@ -104,11 +104,11 @@ class _DebugProxy(proxy.ProxyBackend):
|
|||
|
||||
def _parse_sentinel(sentinel):
|
||||
# IPv6 (eg. [::1]:6379 )
|
||||
match = re.search(r'\[(\S+)\]:(\d+)', sentinel)
|
||||
match = re.search(r'^\[(\S+)\]:(\d+)$', sentinel)
|
||||
if match:
|
||||
return (match[1], int(match[2]))
|
||||
# IPv4 or hostname (eg. 127.0.0.1:6379 or localhost:6379)
|
||||
match = re.search(r'(\S+):(\d+)', sentinel)
|
||||
match = re.search(r'^(\S+):(\d+)$', sentinel)
|
||||
if match:
|
||||
return (match[1], int(match[2]))
|
||||
raise exception.ConfigurationError('Malformed sentinel server format')
|
||||
|
|
Loading…
Reference in New Issue