Fix ReDoS vulnerability in multipart parser

This commit fixes a ReDoS vulnerability when parsing the Content-Disposition field in multipart attachments Thanks to @ooooooo_q for the patch! [CVE-2022-44571]
author: Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:14:29 -0800
committer: Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:29:28 -0800
commit: b79bb5ac6e7478aa02f624bd9ef00b25c2502af5 (patch)
tree: 9fb521075bc2f94666a4498ae8cd6112ab7bb3e2
parent: 7a9d76a7850455a5ef9403203ea757ed110e7806 (diff)
download: rack-b79bb5ac6e7478aa02f624bd9ef00b25c2502af5.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
index d624eba8..d5a3c8dd 100644
--- a/lib/rack/multipart/parser.rb
+++ b/lib/rack/multipart/parser.rb
@@ -23,7 +23,7 @@ module Rack
     VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
     BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
     # Updated definitions from RFC 2231
     ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
author	Aaron Patterson <tenderlove@ruby-lang.org>	2023-01-17 12:14:29 -0800
committer	Aaron Patterson <tenderlove@ruby-lang.org>	2023-01-17 12:29:28 -0800
commit	b79bb5ac6e7478aa02f624bd9ef00b25c2502af5 (patch)
tree	9fb521075bc2f94666a4498ae8cd6112ab7bb3e2
parent	7a9d76a7850455a5ef9403203ea757ed110e7806 (diff)
download	rack-b79bb5ac6e7478aa02f624bd9ef00b25c2502af5.tar.gz