Limit recursion in regex parser (#757)

milseman · milseman · commit 2ac5bb50507f · 2024-09-11T08:59:12.000-06:00
Cherry-picks some more changes from swift/main.

* Limit recursion in regex parser

* Also check for custom char class nesting
diff --git a/Sources/_RegexParser/Regex/Parse/Parse.swift b/Sources/_RegexParser/Regex/Parse/Parse.swift
@@ -523,6 +523,19 @@ extension Parser {
   mutating func parseCustomCharacterClass(
     _ start: Source.Located<CustomCC.Start>
   ) -> CustomCC {
+    // Excessively nested recursion is a common DOS attack, so limit
+    // our recursion.
+    context.parseDepth += 1
+    defer { context.parseDepth -= 1 }
+    guard context.parseDepth < context.maxParseDepth else {
+      self.errorAtCurrentPosition(.nestingTooDeep)
+
+      // This is not generally recoverable and further errors will be
+      // incorrect
+      diags.suppressFurtherDiagnostics = true
+      return .init(start, [], start.location)
+    }
+
     let alreadyInCCC = context.isInCustomCharacterClass
     context.isInCustomCharacterClass = true
     defer { context.isInCustomCharacterClass = alreadyInCCC }
diff --git a/Tests/RegexTests/ParseTests.swift b/Tests/RegexTests/ParseTests.swift
@@ -3335,6 +3335,13 @@ extension RegexTests {
       + "a"
       + String(repeating: ")*", count: 500),
       .nestingTooDeep)
+
+    diagnosticTest(
+      String(repeating: "[", count: 500)
+      + "a"
+      + String(repeating: "]*", count: 500),
+      .nestingTooDeep)
+
   }
 
   func testDelimiterLexingErrors() {
