diff options
author | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:14:29 -0800 |
---|---|---|
committer | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:29:28 -0800 |
commit | b79bb5ac6e7478aa02f624bd9ef00b25c2502af5 (patch) | |
tree | 9fb521075bc2f94666a4498ae8cd6112ab7bb3e2 | |
parent | 7a9d76a7850455a5ef9403203ea757ed110e7806 (diff) | |
download | rack-b79bb5ac6e7478aa02f624bd9ef00b25c2502af5.tar.gz |
Fix ReDoS vulnerability in multipart parser
This commit fixes a ReDoS vulnerability when parsing the
Content-Disposition field in multipart attachments
Thanks to @ooooooo_q for the patch!
[CVE-2022-44571]
-rw-r--r-- | lib/rack/multipart/parser.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb index d624eba8..d5a3c8dd 100644 --- a/lib/rack/multipart/parser.rb +++ b/lib/rack/multipart/parser.rb @@ -23,7 +23,7 @@ module Rack VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni - MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni + MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni # Updated definitions from RFC 2231 ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]} |