Skip to content

Commit

Permalink
Port ReDoS vulnerability fix to Protobuf.js 5 (#1030)
Browse files Browse the repository at this point in the history
  • Loading branch information
@murgatroid99 @dcodeIO
murgatroid99 authored and dcodeIO committed Apr 30, 2018
1 parent 2028662 commit 243b098
Show file tree
Hide file tree
Showing 11 changed files with 192 additions and 204 deletions.
2 changes: 1 addition & 1 deletion bower.json
View file
@@ -1,7 +1,7 @@
{
"name": "protobuf",
"description": "Protocol Buffers for JavaScript. Finally.",
"version": "5.0.2",
"version": "5.0.3",
"main": "dist/protobuf.js",
"license": "Apache-2.0",
"homepage": "http://dcode.io/",
Expand Down
6 changes: 3 additions & 3 deletions dist/protobuf-light.js
View file
Expand Up @@ -57,7 +57,7 @@
* @const
* @expose
*/
ProtoBuf.VERSION = "5.0.2";
ProtoBuf.VERSION = "5.0.3";

/**
* Wire types.
Expand Down Expand Up @@ -429,10 +429,10 @@
TYPEDEF: /^[a-zA-Z][a-zA-Z_0-9]*$/,

// Type references
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)+$/,
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)(?:\.[a-zA-Z_][a-zA-Z_0-9]*)*$/,

// Fully qualified type references
FQTYPEREF: /^(?:\.[a-zA-Z][a-zA-Z_0-9]*)+$/,
FQTYPEREF: /^(?:\.[a-zA-Z_][a-zA-Z_0-9]*)+$/,

// All numbers
NUMBER: /^-?(?:[1-9][0-9]*|0|0[xX][0-9a-fA-F]+|0[0-7]+|([0-9]*(\.[0-9]*)?([Ee][+-]?[0-9]+)?)|inf|nan)$/,
Expand Down
166 changes: 80 additions & 86 deletions dist/protobuf-light.min.js
View file

Large diffs are not rendered by default.

Binary file modified dist/protobuf-light.min.js.gz
View file
Binary file not shown.
6 changes: 3 additions & 3 deletions dist/protobuf-light.min.map
View file

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions dist/protobuf.js
View file
Expand Up @@ -57,7 +57,7 @@
* @const
* @expose
*/
ProtoBuf.VERSION = "5.0.2";
ProtoBuf.VERSION = "5.0.3";

/**
* Wire types.
Expand Down Expand Up @@ -429,10 +429,10 @@
TYPEDEF: /^[a-zA-Z][a-zA-Z_0-9]*$/,

// Type references
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)+$/,
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)(?:\.[a-zA-Z_][a-zA-Z_0-9]*)*$/,

// Fully qualified type references
FQTYPEREF: /^(?:\.[a-zA-Z][a-zA-Z_0-9]*)+$/,
FQTYPEREF: /^(?:\.[a-zA-Z_][a-zA-Z_0-9]*)+$/,

// All numbers
NUMBER: /^-?(?:[1-9][0-9]*|0|0[xX][0-9a-fA-F]+|0[0-7]+|([0-9]*(\.[0-9]*)?([Ee][+-]?[0-9]+)?)|inf|nan)$/,
Expand Down
198 changes: 96 additions & 102 deletions dist/protobuf.min.js
View file

Large diffs are not rendered by default.

Binary file modified dist/protobuf.min.js.gz
View file
Binary file not shown.
6 changes: 3 additions & 3 deletions dist/protobuf.min.map
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion package.json
View file
@@ -1,6 +1,6 @@
{
"name": "protobufjs",
"version": "5.0.2",
"version": "5.0.3",
"description": "Protocol Buffers for JavaScript. Finally.",
"author": "Daniel Wirtz <dcode@dcode.io>",
"contributors": [
Expand Down
4 changes: 2 additions & 2 deletions src/ProtoBuf/Lang.js
View file
Expand Up @@ -21,10 +21,10 @@ ProtoBuf.Lang = {
TYPEDEF: /^[a-zA-Z][a-zA-Z_0-9]*$/,

// Type references
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)+$/,
TYPEREF: /^(?:\.?[a-zA-Z_][a-zA-Z_0-9]*)(?:\.[a-zA-Z_][a-zA-Z_0-9]*)*$/,

// Fully qualified type references
FQTYPEREF: /^(?:\.[a-zA-Z][a-zA-Z_0-9]*)+$/,
FQTYPEREF: /^(?:\.[a-zA-Z_][a-zA-Z_0-9]*)+$/,

// All numbers
NUMBER: /^-?(?:[1-9][0-9]*|0|0[xX][0-9a-fA-F]+|0[0-7]+|([0-9]*(\.[0-9]*)?([Ee][+-]?[0-9]+)?)|inf|nan)$/,
Expand Down

0 comments on commit 243b098

Please sign in to comment.