Remove catastrophic backtracking in regex

This updates the regular expression so that there is no longer a chance for it to end up catastrophically backtracking and locking up the process.
author: Bert JW Regeer <bertjw@regeer.org> 2020-02-02 15:09:09 -0800
committer: Bert JW Regeer <bertjw@regeer.org> 2020-02-02 15:09:09 -0800
commit: ac0ca050046f1538346f3975487062186195f4ca (patch)
tree: c2325db6e545234a650b7471fbb9b1f376a41029
parent: 8af9adb8e9078bfdbc3adf9153b04e2d4471222d (diff)
download: waitress-ac0ca050046f1538346f3975487062186195f4ca.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/waitress/rfc7230.py b/waitress/rfc7230.py
index 97a90a4..cd33c90 100644
--- a/waitress/rfc7230.py
+++ b/waitress/rfc7230.py
@@ -40,13 +40,13 @@ VCHAR = r"\x21-\x7e"
 #                  field-vchar ]
 
 FIELD_VCHAR = "[" + VCHAR + OBS_TEXT + "]"
-FIELD_CONTENT = FIELD_VCHAR + "([ \t" + VCHAR + OBS_TEXT + "]+" + FIELD_VCHAR + "){,1}"
-FIELD_VALUE = "(" + FIELD_CONTENT + "){0,}"
+# Field content is more greedy than the ABNF, in that it will match the whole value
+FIELD_CONTENT = FIELD_VCHAR + "+(?:[ \t]+" + FIELD_VCHAR + "+)*"
+# Which allows the field value here to just see if there is even a value in the first place
+FIELD_VALUE = "(?:" + FIELD_CONTENT + ")?"
 
 HEADER_FIELD = re.compile(
     tobytes(
         "^(?P<name>" + TOKEN + "):" + OWS + "(?P<value>" + FIELD_VALUE + ")" + OWS + "$"
     )
 )
-
-OWS_STRIP = re.compile(OWS + "(?P<value>.*?)" + OWS)
author	Bert JW Regeer <bertjw@regeer.org>	2020-02-02 15:09:09 -0800
committer	Bert JW Regeer <bertjw@regeer.org>	2020-02-02 15:09:09 -0800
commit	ac0ca050046f1538346f3975487062186195f4ca (patch)
tree	c2325db6e545234a650b7471fbb9b1f376a41029
parent	8af9adb8e9078bfdbc3adf9153b04e2d4471222d (diff)
download	waitress-ac0ca050046f1538346f3975487062186195f4ca.tar.gz