Skip to content

limit hostname-char-set input size

Fuzzer reveals that the C++ regex library blows on silly input for hostname-char-set. As it uses regular expressions no large values are expected and it is not a problem to limit the input to something reasonable.

Note that regular expressions can lead to hyper-exponential computing time so there is a potential attack vector using them. Currently the expression itself is in the configuration so it is just another way for an administrator to shoot on the foot...

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information