You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 28, 2023. It is now read-only.
When performing a security analysis on some of our servers, we noticed some performance issues related to the useragent detection logic. The code seemed to hang in the regex matching loop, on the find call on line 167 of AbstractUserAgentStringParser (version 201410).
and some of the matching regex's are .*\/.*CFNetwork\/(602|609|609\.1\.4) Darwin\/ .*\/.*CFNetwork\/(672\.0\.2|672\.0\.8|672\.1\.12|672\.1\.13|672\.1\.14|672\.1\.15) Darwin\/ .*\/.*CFNetwork\/(485\.2|485\.10\.2|485\.12\.7|485\.12\.30|485\.13\.9) Darwin\/
There are more issues, but running the detector against the current code / database locks up the CPU and thread until completed. I'm running it locally now in a test case and it still hasn't completed in 20 minutes.
The text was updated successfully, but these errors were encountered:
@mallat since the regex comes from the database, this might be worth investigating in case the current version of the database still uses the same regex for CFNetwork.
When performing a security analysis on some of our servers, we noticed some performance issues related to the useragent detection logic. The code seemed to hang in the regex matching loop, on the find call on line 167 of AbstractUserAgentStringParser (version 201410).
Looking deeper the troublesome useragent is
and some of the matching regex's are
.*\/.*CFNetwork\/(602|609|609\.1\.4) Darwin\/
.*\/.*CFNetwork\/(672\.0\.2|672\.0\.8|672\.1\.12|672\.1\.13|672\.1\.14|672\.1\.15) Darwin\/
.*\/.*CFNetwork\/(485\.2|485\.10\.2|485\.12\.7|485\.12\.30|485\.13\.9) Darwin\/
There are more issues, but running the detector against the current code / database locks up the CPU and thread until completed. I'm running it locally now in a test case and it still hasn't completed in 20 minutes.
The text was updated successfully, but these errors were encountered: