Imported Upstream version 4.3.2.467

Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
2016-02-22 11:00:01 -05:00
parent f302175246
commit f3e3aab35a
4097 changed files with 122406 additions and 82300 deletions
--- a/external/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
+++ b/external/referencesource/System.Web/UI/WebControls/RegularExpressionValidator.cs
@@ -54,6 +54,8 @@ namespace System.Web.UI.WebControls {
            }
        }

+        // The timeout for regex
+        public int? MatchTimeout { get; set; }

        /// <internalonly/>
        /// <devdoc>
@@ -87,9 +89,14 @@ namespace System.Web.UI.WebControls {

            try {
                // we are looking for an exact match, not just a search hit
-                Match m = Regex.Match(controlValue, ValidationExpression);
+                // Adding timeout for Regex in case of malicious string causing DoS
+                Match m = RegexUtil.Match(controlValue, ValidationExpression, RegexOptions.None, MatchTimeout);
+
                return(m.Success && m.Index == 0 && m.Length == controlValue.Length);
-            }
+            } 
+            catch (ArgumentOutOfRangeException) {
+                throw;
+            } 
            catch {
                Debug.Fail("Regex error should have been caught in property setter.");
                return true;