Author: fran

Description:
Replaces the 'mega-regex' approach with one regex for each blacklist entry

Recently the sysadmins disabled the UsernameBlacklist extension on WMF wikis because it was causing account creation to crash the servers, due to some complicated regexes in place on en.wiki. Someone pointed out on wikitech-l that it was odd that TitleBlacklist. with even more complicated entries on en.wiki, didn't cause the same problems, and noted that the only real difference in how they worked is that the UsernameBlacklist concatenated all the blacklist entries into one "mega-regex."

Looking at the code, I think this 'mega-regex' is the root of the problem. The function UsernameBlacklist::safeBlacklist() in UsernameBlacklist.php concatenates every single entry in the blacklist into one regular expression, which it then passes to preg_match(). However, PCRE's documentation notes that as regexes are processed by a recursive function in the C library, which could potentially cause a stack overflow and crash the process - in this case, Apache/PHP. I surmise this is the problem that we've been having - multiple complicated blacklist entries are combined by UsernameBlacklist into a huge regex which causes PCRE to overflow when parsing.

I've attached a patch for UsernameBlacklist that replaces the "mega-regex" approach with one regex for each blacklist entry, the same approach taken by TitleBlacklist.

Version: unspecified
Severity: major

Attached: