Skip to content

fix(plugins): add regex length limit#7802

Merged
yongtang merged 1 commit into
coredns:masterfrom
thevilledev:fix/errors-rewrite-template-regex-len
Jan 5, 2026
Merged

fix(plugins): add regex length limit#7802
yongtang merged 1 commit into
coredns:masterfrom
thevilledev:fix/errors-rewrite-template-regex-len

Conversation

@thevilledev

@thevilledev thevilledev commented Jan 5, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

1. Why is this pull request needed and what does it do?

Corefile input containing large regex patterns can trigger large memory allocations during regexp.Compile(). This has resulted in out-of-memory conditions in fuzz tests.

Add maxRegexpLen (10000) check before regex compilation in:

  • plugin/rewrite: name, rcode, ttl, cname_target rules
  • plugin/template: match clause
  • plugin/errors: consolidate pattern

This follows the existing pattern in the auto plugin from #7737.

2. Which issues (if any) are related?

Fixes OSS-Fuzz finding #473316397 (not publicly available yet).

3. Which documentation changes (if any) need to be made?

Updated plugin docs for rewrite, template and errors plugins.

4. Does this introduce a backward incompatible change or deprecation?

No. The limit is supposed to be abundantly high to cover any and all real use cases.

@thevilledev
fix(plugins): add regex length limit
1336c30 
Corefile input containing large regex patterns can trigger large
memory allocations during regexp.Compile(). This has resulted in
out-of-memory conditions in fuzz tests.

Add maxRegexpLen (10000) check before regex compilation in:

- plugin/rewrite: name, rcode, ttl, cname_target rules
- plugin/template: match clause
- plugin/errors: consolidate pattern

This follows the existing pattern in plugin/auto/setup.go.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
@thevilledev thevilledev force-pushed the fix/errors-rewrite-template-regex-len branch from 092cd25 to 1336c30 Compare January 5, 2026 16:36
@thevilledev thevilledev marked this pull request as ready for review January 5, 2026 17:39
@yongtang yongtang merged commit b723bd9 into coredns:master Jan 5, 2026
11 checks passed
rtreffer
rtreffer approved these changes Jan 5, 2026
View reviewed changes

@rtreffer rtreffer left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@BrewTestBot BrewTestBot mentioned this pull request Jan 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rtreffer rtreffer rtreffer approved these changes

@yongtang yongtang yongtang approved these changes

@greenpau greenpau Awaiting requested review from greenpau greenpau is a code owner

@johnbelamaric johnbelamaric Awaiting requested review from johnbelamaric johnbelamaric is a code owner

@miekg miekg Awaiting requested review from miekg miekg is a code owner

@Tantalor93 Tantalor93 Awaiting requested review from Tantalor93 Tantalor93 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thevilledev @rtreffer @yongtang