[BUG] ReDoS in salt-master

[a1phafu]

Description when use a fake salt-minion connect salt-master, and edit some special words in /etc/salt/grains file, can attact master with redos injection

Setup

1. edit those words into /etc/salt/grains test: aaaaaaaaaaaaaaaaaaaaaaaaaaaa+
2. restart salt-minion
3. use a fake salt-minion client and sent req to master

Steps to Reproduce the behavior (Include debug logs if possible and relevant)

Expected behavior

Screenshots

Versions Report 3006.5

[welcome[bot]]

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

• Community Wiki
• Salt’s Contributor Guide
• Join our Community Slack
• IRC on LiberaChat
• Salt Project YouTube channel
• Salt Project Twitch channel

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!