Description
Problem description
We noticed that it's possible to hang (or seemingly hang) the entire node process with some common (if invalid) hostname/endpoint values. We discovered this while writing some validation code for our own hostname/endpoint values. This was with the @grpc/grpc-js project.
The problem seems to be this regular expression:
const DNS_REGEX = /^(?:dns:)?(?:\/\/(?:[a-zA-Z0-9-]+\.?)+\/)?((?:[a-zA-Z0-9-]+\.?)+)(?::(\d+))?$/;
const dnsMatch = DNS_REGEX.exec(target);
Reproduction steps
We can reproduce the problem we saw with the behavior of @grpc/grpc-js via this small program. Happy to put together a reproduction with @grpc/grpc-js if y'all think that would be helpful.
const main = () => {
  // host name with an extra port accidentally left on
  const target = 'foo-internal.aws-us-east-2.tracing.staging-edge.foo-data.net:443:443'
  const DNS_REGEX = /^(?:dns:)?(?:\/\/(?:[a-zA-Z0-9-]+\.?)+\/)?((?:[a-zA-Z0-9-]+\.?)+)(?::(\d+))?$/
  DNS_REGEX.exec(target)
}
main()
The hostname foo-internal.aws-us-east-2.tracing.staging-edge.foo-data.net seems pathologic, but it's based on a legitimate hostname we've been asked to use.
Steps:
- Run the above program with NodeJS 8, 10, or 12
Expected Behavior: Program exits normally
Actual Behavior: Program hangs for at least 2 minutes, likely longer
Environment
- MacOS 10.13/10.14 and Ubuntu 18.04
- Nodes 8, 10, and 12
- Nodes 10 and 12 installed via nvm, Node 8 installed via apt-get install nodejs
grpc/[email protected]
Additional context
Something something NFA backtracking.
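
An added example, not part of the original report and not grpc-js code: the pattern quoted in the issue beside an unambiguous rewrite that accepts the same strings but leaves the engine only one way to split a host into labels, with timings on short constructed inputs. The names `parseDnsTarget`, `capturesAgree`, `timeMs` and the `MAX_TARGET_LENGTH` value are hypothetical, chosen for this illustration.

```javascript
// The pattern quoted in the issue. `(?:[a-zA-Z0-9-]+\.?)+` can split a run of
// label characters in exponentially many ways, all retried when `$` fails.
const VULNERABLE_DNS_REGEX =
  /^(?:dns:)?(?:\/\/(?:[a-zA-Z0-9-]+\.?)+\/)?((?:[a-zA-Z0-9-]+\.?)+)(?::(\d+))?$/;

// Same accepted language, but every label after the first must begin at a
// literal dot, so a host can be divided into repetitions in only one way.
const LABEL = '[a-zA-Z0-9-]+';
const HOST = `${LABEL}(?:\\.${LABEL})*\\.?`;
const SAFE_DNS_REGEX = new RegExp(`^(?:dns:)?(?://${HOST}/)?(${HOST})(?::(\\d+))?$`);

// Assumed cap (not from the issue): refuse oversized input before matching.
const MAX_TARGET_LENGTH = 1024;

function parseDnsTarget(target) {
  if (typeof target !== 'string' || target.length > MAX_TARGET_LENGTH) return null;
  const m = SAFE_DNS_REGEX.exec(target);
  return m ? { host: m[1], port: m[2] === undefined ? null : Number(m[2]) } : null;
}

// Check that both patterns capture the same host and port. Call this with
// SHORT inputs only: the vulnerable pattern is exponential on failed matches.
function capturesAgree(target) {
  const a = VULNERABLE_DNS_REGEX.exec(target);
  const b = SAFE_DNS_REGEX.exec(target);
  return JSON.stringify(a && [a[1], a[2]]) === JSON.stringify(b && [b[1], b[2]]);
}

function timeMs(regex, input) {
  const start = Date.now();
  regex.exec(input);
  return Date.now() - start;
}

// Constructed inputs: a single label of n characters followed by two ports.
// The vulnerable timing roughly doubles per added character; the safe one stays flat.
for (const n of [16, 18, 20, 22]) {
  const input = 'a'.repeat(n) + ':443:443';
  console.log(n, 'vulnerable ms:', timeMs(VULNERABLE_DNS_REGEX, input),
    'safe ms:', timeMs(SAFE_DNS_REGEX, input));
}

// The target from the issue is rejected without the long backtracking search.
const ISSUE_TARGET = 'foo-internal.aws-us-east-2.tracing.staging-edge.foo-data.net:443:443';
console.log(parseDnsTarget(ISSUE_TARGET));
```

Running `capturesAgree` over a corpus of short valid and invalid targets is a cheap regression check that a rewrite like this has not changed which targets are accepted.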