正则表达式攻击

今天在线上环境发现cpu利用率100%问题,top出来确实有个进程一直占着100%CPU,记下这个pid然后Shift+H查看线程占用资源情况,记下pid,这时pid其实是线程ID,到java堆栈去找要转为十六进制;

jstack [pid] |grep -n 'nid=0x249c' 这一行就是占用资源的线程

"New I/O server worker #1-11" prio=10 tid=0x000000005d8e8000 nid=0x249c runnable [0x0000000042216000]
   java.lang.Thread.State: RUNNABLE
	at java.util.regex.Pattern$CharProperty$1.isSatisfiedBy(Pattern.java:3337)
	at java.util.regex.Pattern$CharProperty.match(Pattern.java:3345)
	at java.util.regex.Pattern$Curly.match0(Pattern.java:3770)
	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
	at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
	at java.util.regex.Pattern$Curly.match0(Pattern.java:3782)
	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
	at java.util.regex.Pattern$GroupTail.match(Pattern.java:4227)
	at java.util.regex.Pattern$Curly.match0(Pattern.java:3782)
	at java.util.regex.Pattern$Curly.match(Pattern.java:3744)
	at java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3366)
	at java.util.regex.Pattern$GroupHead.match(Pattern.java:4168)
	at java.util.regex.Pattern$Loop.match(Pattern.java:4295)
.........

  通过上下文可以看到是在用户登录时,调用了一个正则运算,通过日志查看到这一行不正常信息

request.body:{"login_name":"..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/..\\/...\\/..\\/.\\/etc\\/passwd","password":"***"}

  在本地试了下,果然重现了!

后来把正则表达式换成“^[\\w-]+(\\.[\\w-]+)*@[\\w-]+(\\.[\\w-]+)+$”就正常了...

 

posted @ 2012-05-27 21:27  langke93  阅读(1911)  评论(0编辑  收藏  举报