Fix hostname regex pattern

Current hostname_pattern regex complexity grows exponentially
when given a string of just digits, which can be exploited to
cause neutron-server to freeze.

Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
Closes-bug: #1378450

diff --git a/neutron/api/v2/attributes.py b/neutron/api/v2/attributes.py
index 83471f946e68ec90f29a52b8192eca5a872404c5..21486dbd39971810b76fd020803aba133976259d 100644 (file)
--- a/neutron/api/v2/attributes.py
+++ b/neutron/api/v2/attributes.py
@@ -540,8 +540,8 @@ def convert_to_list(data):
         return [data]
 
 
-HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
-                    "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
+HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
+                    "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
 
 HEX_ELEM = '[0-9A-Fa-f]'
 UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',

diff --git a/neutron/tests/unit/test_attributes.py b/neutron/tests/unit/test_attributes.py
index 2fb268d07a3ad6bbc1af0cd5662fc7fd2d592147..f8cb462b3e7542b44a7f7b8e4502403a26488a64 100644 (file)
--- a/neutron/tests/unit/test_attributes.py
+++ b/neutron/tests/unit/test_attributes.py
@@ -281,6 +281,7 @@ class TestAttributes(base.BaseTestCase):
                     ['www.hostname.com', 'www.hostname.com'],
                     ['77.hostname.com'],
                     ['1000.0.0.1'],
+                    ['111111111111111111111111111111111111111111111111111111111111'],  # noqa
                     None]
 
         for ns in ns_pools: