Fix possible ReDOS in newline rule.

Co-authored-by: MakeNowJust <[email protected]>
lila945 · Jan 8, 2022 · ffc49ab · ffc49ab
1 parent 76469e8
commit ffc49ab
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [12.3.2] - 2022-01-08
+### Security
+- Fix possible ReDOS in newline rule. Thanks to @MakeNowJust.
+
 
 ## [12.3.1] - 2022-01-07
 ### Fixed
@@ -588,6 +592,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Renamed presets folder (configs -> presets).
 
 
+[12.3.2]: https://github.com/markdown-it/markdown-it/compare/12.3.1...12.3.2
 [12.3.1]: https://github.com/markdown-it/markdown-it/compare/12.3.0...12.3.1
 [12.3.0]: https://github.com/markdown-it/markdown-it/compare/12.2.0...12.3.0
 [12.2.0]: https://github.com/markdown-it/markdown-it/compare/12.1.0...12.2.0

diff --git a/lib/rules_inline/newline.js b/lib/rules_inline/newline.js
@@ -6,7 +6,7 @@ var isSpace = require('../common/utils').isSpace;
 
 
 module.exports = function newline(state, silent) {
-  var pmax, max, pos = state.pos;
+  var pmax, max, ws, pos = state.pos;
 
   if (state.src.charCodeAt(pos) !== 0x0A/* \n */) { return false; }
 
@@ -20,7 +20,11 @@ module.exports = function newline(state, silent) {
   if (!silent) {
     if (pmax >= 0 && state.pending.charCodeAt(pmax) === 0x20) {
       if (pmax >= 1 && state.pending.charCodeAt(pmax - 1) === 0x20) {
-        state.pending = state.pending.replace(/ +$/, '');
+        // Find whitespaces tail of pending chars.
+        ws = pmax - 1;
+        while (ws >= 1 && state.pending.charCodeAt(ws - 1) === 0x20) ws--;
+
+        state.pending = state.pending.slice(0, ws);
         state.push('hardbreak', 'br', 0);
       } else {
         state.pending = state.pending.slice(0, -1);

diff --git a/test/pathological.js b/test/pathological.js
@@ -138,5 +138,9 @@ describe('Pathological sequences speed', () => {
     it('autolinks <<<<...<<> pattern', async () => {
       await test_pattern('<'.repeat(400000) + '>');
     });
+
+    it('hardbreak whitespaces pattern', async () => {
+      await test_pattern('x' + ' '.repeat(150000) + 'x  \nx');
+    });
   });
 });