Ticket #57 (closed defect: fixed)
DoS Vector
| Reported by: | deveiant | Owned by: | deveiant |
|---|---|---|---|
| Milestone: | | Component: | MarkdownSyntax |
| Version: | 2.0.4 | Severity: | critical |
| Keywords: | hyphen dos bug | Cc: | sandofsky@… |
Description (last modified by deveiant)
Ben Sandofsky emailed me the following:
We've discovered a bug with BlueCloth that causes it to hang for, it seems, forever. This is particularly important since Rails ships with BlueCloth as its chosen markdown library, introducing a DoS vector from user input. There's a discussion with the Rails Security list, and everyone agrees the fastest, safest solution is a fix to BlueCloth.
The Markdown in question is a series of hyphens separated by spaces. e.g. this line of markdown below will hang you if you're running BlueCloth.
(elided until fixed)
Let me know as soon as possible if you don't think you'll be able to fix this, and we'll come up with another solution.
Change History
comment:2 Changed 3 years ago by deveiant
- Status changed from new to assigned
It doesn't appear to cause any problems for the latest release. Are you using BlueCloth 1.x? If so, is it possible/practical to use the latest release? While I can't (of course) guarantee it's free of DoS vectors, it is much better tested, fixes all known BlueCloth bugs, implements a much-newer Markdown specification, and is about two orders of magnitude faster on my hardware. You can upgrade by just changing the name of the gem you install to bluecloth (vs. BlueCloth).
If not, I can try to figure out a fix for 1.x. It's probably fixable by constraining backtracking in the regex that matches horizontal rules.

(In [126]) Adding a spec to test out the DoS reported by Ben Sandofsky (refs #57).
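One way to constrain backtracking in a horizontal-rule matcher, as suggested in comment:2. This is an added example, not BlueCloth's code or part of the ticket; the rule definition, `HR_PATTERN`, `horizontal_rule?` and `horizontal_rule_scan?` are assumptions made for illustration.

```ruby
# Added example, not BlueCloth's code. Assumed rule definition: up to three
# leading spaces, then three or more of the same marker (-, * or _), with
# optional spaces or tabs after each marker and nothing else on the line.
HR_MARKERS = ['-', '*', '_'].freeze

# Each marker owns only the whitespace that follows it, so there is exactly
# one way to split a run of "marker, spaces, marker, spaces". The atomic
# groups (?>...) also stop the engine from giving back text a group has
# already matched, so a line that is not a rule fails in a single pass.
HR_PATTERN = /\A {0,3}(?>([-*_])[ \t]*)(?>(?:\1[ \t]*){2,})\z/

def horizontal_rule?(line)
  HR_PATTERN.match?(line.chomp)
end

# Regex-free reference with the same semantics: one pass, constant state.
# Useful in a spec to cross-check the pattern above.
def horizontal_rule_scan?(line)
  text = line.chomp
  lead = text[/\A[ \t]*/]
  # A leading tab or more than three spaces means "not a rule" here.
  return false if lead.include?("\t") || lead.length > 3

  marker = nil
  count = 0
  text.each_char do |ch|
    next if ch == ' ' || ch == "\t"
    return false unless HR_MARKERS.include?(ch)

    marker ||= ch
    return false unless ch == marker # markers must not be mixed

    count += 1
  end
  count >= 3
end
```

A spec can run both functions over the same lines, including very long ones, and require that they agree.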