~edwardloveall/Scribe#24: 
Redirector config contains regexp with catastrophic backtracking

Regexp in Redirector config is susceptible to catastrophic backtracking causing enormous CPU usage and even browser halt whenever user visits a page with long enough URL.

Related issue in Redirector tracker

I have proposed an update to regexp in the issue but I am not sure what medium subdomain limitations are. Maybe we can shrink number of steps the regex engine takes even more?

Status
REPORTED
Submitter
~jtraub
Assigned to
No-one
Submitted
6 days ago
Updated
a day ago
Labels
No labels applied.

~edwardloveall 6 days ago

Thank you for the report. Do you have a sample redirect I could test with? I'm considering abandoning Redirector and suggesting people use LibRedirect instead. It think it's possible for it to be smarter. As a bonus, it supports multiple instances. But I'd like to try it on a link that is a known problem before I suggest it.

~jtraub 5 days ago*

Sure, try this one

https://chart.apis.google.com/chart?chtt=123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456123.456

Google throws 400 error on this url, but with scribe.rip enabled in redirector attempt to visit this url will hang your browser.

I suppose your other solution will hang too on such urls because the regex itself makes the js regex engine to take too many steps.

UPD: (?:.*\.)* causes backtracking so you need a dozen of dots in URL for this problem to appear. However, it seems that long URLs with many dots in it are not that uncommon on the web: Amazon and Google seems to use them.

~edwardloveall a day ago

Thanks! I did some tests and LibRedirect performs much better, so I'll switch to that.

Register here or Log in to comment, or comment via email.