neowiremod / neowire

Garry's Mod add-on that allows users to wire up components in order to make more elaborate automatic and user-controlled contraptions.
Apache License 2.0

Pattern exploit #11

Open Vurv78 opened 4 months ago

Vurv78 commented 4 months ago

What GMod branch are you on?

N/A

What OS are you on?

N/A

What steps can reproduce the bug?

findIncludeClass("p.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*l")
findInSphere(vec(), 9e9)

What is the expected behavior?

Should error due to pattern being too complex

What do you see instead?

Freezes the server

Additional information

Missing WireLib.CheckRegex calls

Vurv78 commented 4 months ago

Harder to fix than initially believed... find library has pattern usage scattered all throughout, considering removal of pattern functionality, as I doubt many people relied on it.

Keeping the behavior of "^str$" is possible though and should be considered to break as few chips as possible.
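
One way the approach discussed in this thread could look, as an added example that is not neowire's code: the legacy "^str$" form is kept as an exact string comparison, and user input never reaches the Lua pattern engine. The name `compile_class_filter` is hypothetical, and treating every other filter as a plain substring search is an assumption.

```lua
-- Added example; compile_class_filter is a hypothetical name, not a neowire function.
local MAGIC = "[%^%$%(%)%%%.%[%]%*%+%-%?]" -- Lua pattern metacharacters

-- Turn a user-supplied class filter into a matcher without ever passing
-- user input to the pattern engine. Returns matcher, or nil plus a reason.
local function compile_class_filter(filter)
    if type(filter) ~= "string" or filter == "" then
        return nil, "filter must be a non-empty string"
    end
    -- Legacy "^str$" form: keep it working as an exact comparison.
    if #filter >= 2 and filter:sub(1, 1) == "^" and filter:sub(-1) == "$" then
        local body = filter:sub(2, -2)
        if body:find(MAGIC) then
            return nil, "only a literal class name is allowed between ^ and $"
        end
        return function(class) return class == body end
    end
    -- Assumption: every other filter becomes a plain substring search.
    -- The 4th argument (plain = true) turns off pattern matching entirely.
    return function(class) return class:find(filter, 1, true) ~= nil end
end

-- Constructed checks, using the filter from the report above.
local exact = assert(compile_class_filter("^prop_physics$"))
assert(exact("prop_physics") and not exact("prop_physics_multiplayer"))

-- The reported filter is now compared literally, so there is no backtracking.
local literal = assert(compile_class_filter("p.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*l"))
assert(not literal("prop_physics_multiplayer"))

-- Pattern syntax inside the anchored form is rejected with a reason.
local matcher, reason = compile_class_filter("^prop_.*$")
assert(matcher == nil and reason ~= nil)
print("ok")
```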