Date: Thu, 21 Jul 2022 18:08:19 +1200
From: Mike Beattie <>
Subject: Bug: BOL/EOL anchors in regex capture groups won't match EOL

FRRouting uses musl-libc in its docker container build, and it also appears
to be in use in the GNS3 appliances for frr available online.

BGP as-path matching is regex powered, and usage of a special token of '_'
allows for the easy matching of the boundary of an ASN in an as-path.
Internally, it's translated into the regex capture group of:

   (^|[,{}() ]|$)

A valid as-path is a sequence of integers such as:

   100 200 300

A BGP as-path filter might be specified as so:

   bgp as-path access-list foo seq 20 permit _300_

which would get expanded to:

   (^|[,{}() ]|$)300(^|[,{}() ]|$)

when checking for a match. The usage of the pattern "(^|$)" in musl's regex
implementation will never match EOL, but it does match BOL. Removal of the
circumflex will let the match succeed.

Here is the output of a test program I've written to confirm this:

   $ musl-gcc -o r r.c

   $ ./r "_300_" "100 200 300"
   regex: (^|[,{}() ]|$)300(^|[,{}() ]|$)
   regexec on [100 200 300]: NOT Found

Removal of "^|" from the beginning of the trailing capture group:

   $ ./r "(^|[,{}() ]|$)300([,{}() ]|$)" "0000 1111 2222"
   regex: (^|[,{}() ]|$)300([,{}() ]|$)
   regexec on [100 200 300]: Found

Mike Beattie <>
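
The check described in the message above, as an added example that is not part of the original post and is not FRRouting's or musl's code: it expands `_` into the boundary group quoted in the post and compares the full expansion against the variant with "^|" removed from the trailing group. The helper names and the `REG_EXTENDED | REG_NOSUB` flags are assumptions made for this sketch.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Boundary group the post says '_' is translated into. */
#define ASN_BOUNDARY "(^|[,{}() ]|$)"

/* Hypothetical helper: expand each '_' into ASN_BOUNDARY; -1 if dst is too small. */
int expand_underscore(const char *src, char *dst, size_t dstlen) {
    size_t used = 0, blen = strlen(ASN_BOUNDARY);
    if (dstlen == 0)
        return -1;
    for (; *src; src++) {
        size_t need = (*src == '_') ? blen : 1;
        if (used + need + 1 > dstlen)
            return -1;
        if (*src == '_')
            memcpy(dst + used, ASN_BOUNDARY, blen);
        else
            dst[used] = *src;
        used += need;
    }
    dst[used] = '\0';
    return 0;
}

/* 1 = match, 0 = no match, -1 = pattern failed to compile. */
int ere_match(const char *pattern, const char *subject) {
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, subject, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

/* 1 if the linked libc shows the reported behaviour: the full expansion misses
 * a trailing ASN while the variant without "^|" in the last group finds it. */
int libc_shows_eol_bug(void) {
    const char *path = "100 200 300";   /* as-path from the post */
    char full[128];
    if (expand_underscore("_300_", full, sizeof full) != 0)
        return -1;
    return ere_match(full, path) == 0 &&
           ere_match("(^|[,{}() ]|$)300([,{}() ]|$)", path) == 1;
}

int main(void) {
    printf("EOL-in-group behaviour present: %d\n", libc_shows_eol_bug());
    return 0;
}
```

Built against the libc a router image actually ships, a result of 1 means an as-path filter such as `_300_` will not match a path whose last ASN is 300.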
