author | Marcel Hellkamp <marc@gsites.de> | 2020-01-03 19:49:09 +0100 |
---|---|---|
committer | Marcel Hellkamp <marc@gsites.de> | 2020-01-03 19:53:48 +0100 |
commit | c84c57f6eaf329266d72fddfa524fb9b360d67ae (patch) | |
tree | 42ecd81aec34a72cdb251e1be777c3bde0cdd933 | |
parent | 8561ffbc2ed2b16b4f7f90520d148e37e251d107 (diff) | |
download | bottle-c84c57f6eaf329266d72fddfa524fb9b360d67ae.tar.gz |
Fix catastrophic backtracking issue in header parsing regular expression.
The affected pattern is only used from a single non-public function,
which in turn is not actually used anywhere. It's in dead code. No
security issue.
-rwxr-xr-x | bottle.py | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -3017,7 +3017,7 @@ def parse_range_header(header, maxlen=0): #: Header tokenizer used by _parse_http_header() -_hsplit = re.compile('(?:(?:"((?:[^"\\\\]+|\\\\.)*)")|([^;,=]+))([;,=]?)').findall +_hsplit = re.compile('(?:(?:"((?:[^"\\\\]|\\\\.)*)")|([^;,=]+))([;,=]?)').findall def _parse_http_header(h): """ Parses a typical multi-valued and parametrised HTTP header (e.g. Accept headers) and returns a list of values |
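Review bot: The replaced `_hsplit` line comes with no regression test (the diffstat lists only bottle.py), so nothing prevents the nested quantifier `(?:[^"\\\\]+|\\\\.)*` from being reintroduced in a later edit. Suggest adding a test that calls `_parse_http_header()` on a long quoted value whose closing quote is missing and asserts that it returns within a bounded time. Since the commit message describes the function as unused, deleting `_hsplit` and `_parse_http_header()` outright is worth considering as an alternative. As a style point, writing the pattern as a raw string (`r'...'`) would halve the backslashes and make the character class `[^"\\\\]` easier to audit.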