diff options
author | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:14:29 -0800 |
---|---|---|
committer | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:30:11 -0800 |
commit | 4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (patch) | |
tree | 95ac04ad4c23b04f8e19f8fb805dc3e48bea3879 | |
parent | 52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (diff) | |
download | rack-4e33ad10bf5f16d25c156f905bcc548e7f787bc3.tar.gz |
Fix ReDoS vulnerability in multipart parser
This commit fixes a ReDoS vulnerability when parsing the
Content-Disposition field in multipart attachments
Thanks to @ooooooo_q for the patch!
[CVE-2022-44571]
-rw-r--r-- | lib/rack/multipart.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb index 22c0eaec..7a49ef62 100644 --- a/lib/rack/multipart.rb +++ b/lib/rack/multipart.rb @@ -16,7 +16,7 @@ module Rack VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni - MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name=(#{VALUE})/ni + MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s+name=(#{VALUE})/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni # Updated definitions from RFC 2231 ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]} |