Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bignumber: parseFixed now contains a ReDoS since a9cdbe1238c149a7167c6bb1a78f314805b52755 #1975

Closed
ChALkeR opened this issue Aug 31, 2021 · 5 comments
Closed

bignumber: parseFixed now contains a ReDoS since a9cdbe1238c149a7167c6bb1a78f314805b52755 #1975

ChALkeR opened this issue Aug 31, 2021 · 5 comments
Labels
bug Verified to be an issue. fixed/complete This Bug is fixed or Enhancement is complete and published.

Comments

@ChALkeR
Copy link

ChALkeR commented Aug 31, 2021
edited
Loading

The new regex introduced in a9cdbe1 contains an IDA, and could cause a ReDoS on some crafted input.

import { parseFixed } from '@ethersproject/bignumber'

console.log(parseFixed('0.' + '0'.repeat(8e6) + '1')) // hangs
@ChALkeR ChALkeR added the investigate Under investigation and may be a bug. label Aug 31, 2021
@ChALkeR ChALkeR mentioned this issue Aug 31, 2021
Closed
@ricmoo
Copy link
Member

ricmoo commented Sep 3, 2021

I was totally unfamiliar with the ReDoS attack; thanks for pointing it out to me and providing concise reproduction steps. :)

I’ll research this and get the fix out ASAP!

@ricmoo ricmoo added bug Verified to be an issue. on-deck This Enhancement or Bug is currently being worked on. and removed investigate Under investigation and may be a bug. labels Sep 3, 2021
@ChALkeR
Copy link
Author

ChALkeR commented Sep 6, 2021

The fix is in #1976 which I opened with this issue =).

ricmoo added a commit that referenced this issue Sep 16, 2021
@ricmoo
Fix parseUints with excess zeros and fix ReDoS issue (#2016, #1975, #…
32a6b2a 
…1976).
@ricmoo
Copy link
Member

ricmoo commented Sep 16, 2021

Thanks! This will be fixed with #2016, which is removing the regex entirely.

Huge thanks for the info on ReDoS though, I need to spend more time understanding the intricacies of it.

Reminds me of the quote: "You have problem and think to yourself, 'I know! I can use a regular expression'. Now you have two problems." :)

@ricmoo
Copy link
Member

ricmoo commented Sep 16, 2021

This was fixed in 5.4.7. Please let me know if it seems fixed to you (I removed the regex entirely).

Thanks for your keen eye! :)

@ricmoo ricmoo added fixed/complete This Bug is fixed or Enhancement is complete and published. and removed on-deck This Enhancement or Bug is currently being worked on. labels Sep 16, 2021
@ChALkeR
Copy link
Author

ChALkeR commented Oct 1, 2021

This is now fixed.

@ChALkeR ChALkeR closed this as completed Oct 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Verified to be an issue. fixed/complete This Bug is fixed or Enhancement is complete and published.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bignumber: fix ida in regex ExodusMovement/ethers.js
2 participants
@ChALkeR @ricmoo