authorAaron Taylor <git@ataylor.io>2022-11-01 15:02:51 -0400
committerMarcel Hellkamp <marc@gsites.de>2023-03-04 16:32:26 +0100
commit248f901ae7beb8c70cb46f4f8c6327e7f697319a (patch)
tree98b93ab23d13f7a57547ff1c63b0364eae6ec436
parent18a3eb480d251b818223ae64412b128743526e08 (diff)
fix #1194: Regular expression catastrophic backtracking in bottle.Router.rule_syntax
This backports the patch from aaee93a5b1dfc78cb9119797df5c766a53872c5b to the 0.12 release branch. This fix can be validated with the following command from the issue: python -c "import bottle; list(bottle.Router.rule_syntax.finditer('<abc:def:' + '.' * 64 + '<'))"
-rw-r--r--bottle.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/bottle.py b/bottle.py
index d2d6667..d38de98 100644
--- a/bottle.py
+++ b/bottle.py
@@ -308,7 +308,7 @@ class Router(object):
rule_syntax = re.compile('(\\\\*)'\
'(?:(?::([a-zA-Z_][a-zA-Z_0-9]*)?()(?:#(.*?)#)?)'\
'|(?:<([a-zA-Z_][a-zA-Z_0-9]*)?(?::([a-zA-Z_]*)'\
- '(?::((?:\\\\.|[^\\\\>]+)+)?)?)?>))')
+ '(?::((?:\\\\.|[^\\\\>])+)?)?)?>))')
def _itertokens(self, rule):
offset, prefix = 0, ''
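Review bot: Nothing stops the inner `+` from being put back into the filter group of `rule_syntax`, since the diffstat shows only bottle.py changed and no regression test comes with the fix. A comment directly above the pattern would record the constraint, for example `# No quantifier inside the (?:...)+ filter group: a nested '+' backtracks exponentially on an unterminated '<name:filter:...' rule (#1194).` The validation command from the commit message could also become a test that runs `list(bottle.Router.rule_syntax.finditer('<abc:def:' + '.' * 64 + '<'))` and fails if it does not return promptly. How exposed an application was presumably depends on whether route rules can ever be built from untrusted input, which this hunk does not show; the Router class body continues outside it.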