From 7232b39fa402023b74c42248a7f4194a55844671 Mon Sep 17 00:00:00 2001
From: seke
Date: Thu, 27 Jul 2017 10:25:42 +0200
Subject: [PATCH] Cut of flags to avoid abuse of CPU-intensive regexes
---
 packages/ejson/ejson.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/packages/ejson/ejson.js b/packages/ejson/ejson.js
index d8d0cb9471..fd7a9d4929 100644
--- a/packages/ejson/ejson.js
+++ b/packages/ejson/ejson.js
@@ -105,8 +105,11 @@ var builtinConverters = [
 return { $regexp: regexp.source, $flags: regexp.flags };
 },
 fromJSONValue: function (obj) {
- //replaces duplicate / invalid flags
- return new RegExp(obj.$regexp, obj.$flags.replace(/[^gimuy]/g,'').replace(/(.)(?=.*\1)/g, ''));
+ // replaces duplicate / invalid flags
+ // cut of flags to 50 chars to avoid abusing regex for DOS
+ return new RegExp(obj.$regexp, obj.$flags.substr(0, 50)
+ .replace(/[^gimuy]/g,'')
+ .replace(/(.)(?=.*\1)/g, ''));
 }
 },
 { // NaN, Inf, -Inf. (These are the only objects with typeof !== 'object'
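Review bot: `obj.$flags.substr(0, 50)` in `fromJSONValue` still assumes `$flags` is a string, so a crafted EJSON value whose `$flags` is a number or null would throw a TypeError here unless this converter's matcher (outside the hunk) already checks the type. A guard such as `var flags = typeof obj.$flags === 'string' ? obj.$flags.slice(0, 50) : '';` ahead of the two `.replace` calls makes both the type check and the bound explicit, and `slice` avoids the legacy `substr`. The cap only limits the cost of the quadratic de-duplication regex `/(.)(?=.*\1)/g`; `obj.$regexp` is still compiled exactly as supplied, so any code that runs a deserialized RegExp against data needs its own limits on the pattern source. The new comment would read better as `// cut off flags at 50 chars so the de-dup regex below cannot be used for DoS`.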