DomainNameUtil issues java.lang.StackOverflowError on very large domain name (@Email validation)
When validating a large domain name (for example using the @Email annotation), the validator issues a java.lang.StackOverflowError.
It happens here with a very large domain name and JVM default options, but when -Xss is tweaked, to run in a container for example, it can happen with a smaller domain name (https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers/).
Here is a test case:
Yeah, I think we can't do a lot better than changing the order of operations.
I also made the groups non-capturing to reduce memory usage.
Thanks for the report.
The stack is too large to be displayed entirely; Java does not get it entirely. There is nothing interesting in the stack trace.
The error is located here:
Using the pattern EMAIL_DOMAIN_PATTERN
But if you still want the stack trace, here is the full printed one:
Any chance we could have the interesting parts of the stacktrace in the issue description? Thanks.
A partial solution is to perform the length check in isValidDomainAddress before the pattern validation.
Please note that this code can be vulnerable to ReDoS (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS).
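The two suggestions in this thread (change the order of operations so the length check runs before the regex, and keep the repeated groups non-capturing) can be reproduced outside Hibernate Validator. The following is an added, stand-alone example and is not the project's DomainNameUtil or its EMAIL_DOMAIN_PATTERN: NAIVE_DOMAIN is a simplified stand-in pattern with the same shape (a repeated label group), MAX_DOMAIN_LENGTH is assumed to be 255 (the RFC 1034/1035 limit), and longDomain builds a constructed input. java.util.regex recurses once per iteration of a quantified group, so a large enough label count exhausts the thread stack; the number of labels needed depends on the thread stack size (-Xss), which is why the reporter saw it with smaller inputs in a container.

```java
import java.util.regex.Pattern;

public class DomainRegexStackDemo {

    // Assumed simplified domain pattern (not the project's EMAIL_DOMAIN_PATTERN):
    // a non-capturing group of "label." repeated one or more times, then a TLD.
    // In java.util.regex each iteration of the outer (?:...)+ group is a nested
    // call, so the recursion depth grows with the number of labels in the input.
    private static final Pattern NAIVE_DOMAIN = Pattern.compile(
            "^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$");

    // Assumption for this example: the RFC 1034/1035 maximum domain name length.
    private static final int MAX_DOMAIN_LENGTH = 255;

    // Constructed input: "a.a.a. ... a.com" with the given number of "a." labels.
    static String longDomain(int labels) {
        StringBuilder sb = new StringBuilder(labels * 2 + 4);
        for (int i = 0; i < labels; i++) {
            sb.append("a.");
        }
        return sb.append("com").toString();
    }

    // Original order of operations: the regex runs on unbounded input.
    // Returns "overflow" when the matcher blows the thread stack.
    static String naiveValidate(String domain) {
        try {
            return NAIVE_DOMAIN.matcher(domain).matches() ? "valid" : "invalid";
        } catch (StackOverflowError e) {
            return "overflow";
        }
    }

    // Reordered: the cheap length check runs first, so the regex only ever sees
    // at most MAX_DOMAIN_LENGTH characters. This bounds both the recursion depth
    // and the amount of backtracking work a crafted input can cause.
    static String hardenedValidate(String domain) {
        if (domain.length() > MAX_DOMAIN_LENGTH) {
            return "invalid";
        }
        return NAIVE_DOMAIN.matcher(domain).matches() ? "valid" : "invalid";
    }

    public static void main(String[] args) {
        String small = longDomain(10);       // 23 characters, a legitimate-looking name
        String huge = longDomain(100_000);   // 200_003 characters, constructed attacker input
        System.out.println("naive, small:    " + naiveValidate(small));
        System.out.println("naive, huge:     " + naiveValidate(huge));
        System.out.println("hardened, small: " + hardenedValidate(small));
        System.out.println("hardened, huge:  " + hardenedValidate(huge));
    }
}
```

Run it with the default stack and again with a reduced one (for example `java -Xss256k DomainRegexStackDemo`) to see the label count at which naiveValidate starts reporting "overflow" drop, while hardenedValidate rejects the oversized input before the matcher is ever invoked. Catching StackOverflowError in naiveValidate is only there to make the failure visible; a validator should never rely on it, because the thread stack is unusable by the time the error is thrown.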