From 248f901ae7beb8c70cb46f4f8c6327e7f697319a Mon Sep 17 00:00:00 2001
From: Aaron Taylor <git@ataylor.io>
Date: Tue, 1 Nov 2022 15:02:51 -0400
Subject: fix #1194: Regular expression catastrophic backtracking in
 bottle.Router.rule_syntax

This backports the patch from aaee93a5b1dfc78cb9119797df5c766a53872c5b to the 0.12 release branch.

This fix can be validated with the following command from the issue:

    python -c "import bottle; list(bottle.Router.rule_syntax.finditer('<abc:def:' + '.' * 64 + '<'))"
---
 bottle.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bottle.py b/bottle.py
index d2d6667..d38de98 100644
--- a/bottle.py
+++ b/bottle.py
@@ -308,7 +308,7 @@ class Router(object):
     rule_syntax = re.compile('(\\\\*)'\
         '(?:(?::([a-zA-Z_][a-zA-Z_0-9]*)?()(?:#(.*?)#)?)'\
           '|(?:<([a-zA-Z_][a-zA-Z_0-9]*)?(?::([a-zA-Z_]*)'\
-            '(?::((?:\\\\.|[^\\\\>]+)+)?)?)?>))')
+            '(?::((?:\\\\.|[^\\\\>])+)?)?)?>))')
 
     def _itertokens(self, rule):
         offset, prefix = 0, ''
-- 
cgit v1.2.1