Browse Source

Fix possible ReDOS in newline rule.

Co-authored-by: MakeNowJust <make.just.on@gmail.com>
pull/843/head
Vitaly Puzrin 3 years ago
parent
commit
ffc49ab46b
  1. 5
      CHANGELOG.md
  2. 8
      lib/rules_inline/newline.js
  3. 4
      test/pathological.js

5
CHANGELOG.md

@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [12.3.2] - 2022-01-08
### Security
- Fix possible ReDOS in newline rule. Thanks to @MakeNowJust.
## [12.3.1] - 2022-01-07 ## [12.3.1] - 2022-01-07
### Fixed ### Fixed
@ -588,6 +592,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Renamed presets folder (configs -> presets). - Renamed presets folder (configs -> presets).
[12.3.2]: https://github.com/markdown-it/markdown-it/compare/12.3.1...12.3.2
[12.3.1]: https://github.com/markdown-it/markdown-it/compare/12.3.0...12.3.1 [12.3.1]: https://github.com/markdown-it/markdown-it/compare/12.3.0...12.3.1
[12.3.0]: https://github.com/markdown-it/markdown-it/compare/12.2.0...12.3.0 [12.3.0]: https://github.com/markdown-it/markdown-it/compare/12.2.0...12.3.0
[12.2.0]: https://github.com/markdown-it/markdown-it/compare/12.1.0...12.2.0 [12.2.0]: https://github.com/markdown-it/markdown-it/compare/12.1.0...12.2.0

8
lib/rules_inline/newline.js

@ -6,7 +6,7 @@ var isSpace = require('../common/utils').isSpace;
module.exports = function newline(state, silent) { module.exports = function newline(state, silent) {
var pmax, max, pos = state.pos; var pmax, max, ws, pos = state.pos;
if (state.src.charCodeAt(pos) !== 0x0A/* \n */) { return false; } if (state.src.charCodeAt(pos) !== 0x0A/* \n */) { return false; }
@ -20,7 +20,11 @@ module.exports = function newline(state, silent) {
if (!silent) { if (!silent) {
if (pmax >= 0 && state.pending.charCodeAt(pmax) === 0x20) { if (pmax >= 0 && state.pending.charCodeAt(pmax) === 0x20) {
if (pmax >= 1 && state.pending.charCodeAt(pmax - 1) === 0x20) { if (pmax >= 1 && state.pending.charCodeAt(pmax - 1) === 0x20) {
state.pending = state.pending.replace(/ +$/, ''); // Find whitespaces tail of pending chars.
ws = pmax - 1;
while (ws >= 1 && state.pending.charCodeAt(ws - 1) === 0x20) ws--;
state.pending = state.pending.slice(0, ws);
state.push('hardbreak', 'br', 0); state.push('hardbreak', 'br', 0);
} else { } else {
state.pending = state.pending.slice(0, -1); state.pending = state.pending.slice(0, -1);

4
test/pathological.js

@ -138,5 +138,9 @@ describe('Pathological sequences speed', () => {
it('autolinks <<<<...<<> pattern', async () => { it('autolinks <<<<...<<> pattern', async () => {
await test_pattern('<'.repeat(400000) + '>'); await test_pattern('<'.repeat(400000) + '>');
}); });
it('hardbreak whitespaces pattern', async () => {
await test_pattern('x' + ' '.repeat(150000) + 'x \nx');
});
}); });
}); });

Loading…
Cancel
Save