0xEBFE

The regular expression above should have been: std::regex re("^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$");

Version: Malwarebytes Anti-Malware 2.2.0.1024 OS: Windows 7 x64 SP1 (en_US) Issue: Users can manually add improper IPv4s for Web Exclusions (assuming you only want dotted-decimal notation) by the inclusion of spaces and leading 0's. 1) <SPACE><SPACE><SPACE>00000255.0.0.0 2) 000000000255.0.0.0<SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE><SPACE> 3) 255.<SPACE><SPACE>0.<SPACE>0.<SPACE><SPACE><SPACE><SPACE>0 Fix: Test the user's input against a regular expression to validate that it would be contained within the IPv4 address space. Psuedo-code for the fix: string input = "255.255.255.255"; // This is whatever the user supplied input was// Optional: Trim all whitespace on input before testing it against the regular expressiontry { // 0.0.0.0 - 255.255.255.255 std::regex re("^(([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"); if (std::regex_match(input, re)) { // Add it to the Web Exlusions } else { // Show 'Invalid address' error message }} catch (std::regex_error& e) { // Syntax error in the regular expression}Limitations: This is intended for dotted-decimal notation only, even though IPv4's can be represented in other legitimate ways such as in dotted-hex and octal formats.