fix(auto): limit regex length (#7737)

A very large regex for the auto plugin in the Corefile could cause CoreDNS to OOM. This change adds an artificial limit of 10k characters for the regex pattern. Fixes OSS-Fuzz finding #466745384. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-13 13:55:11 -05:00 · 2025-12-08 03:04:55 +02:00
parent 3c8b846213
commit e5cd796648
3 changed files with 24 additions and 1 deletions
--- a/plugin/auto/setup_test.go
+++ b/plugin/auto/setup_test.go
@@ -2,6 +2,7 @@ package auto

 import (
 	"fmt"
+	"strings"
 	"testing"
 	"time"

@@ -205,3 +206,19 @@ func TestSetupReload(t *testing.T) {
 		})
 	}
 }
+
+func TestAutoParseLargeRegex(t *testing.T) {
+	largeRegex := strings.Repeat("a", maxRegexpLen+1)
+	config := fmt.Sprintf(`auto {
+        directory /tmp %s {1}
+    }`, largeRegex)
+
+	c := caddy.NewTestController("dns", config)
+	_, err := autoParse(c)
+	if err == nil {
+		t.Fatal("Expected error for large regex, got nil")
+	}
+	if !strings.Contains(err.Error(), "regexp too large") {
+		t.Errorf("Expected 'regexp too large' error, got: %v", err)
+	}
+}