Fix ReDoS vulnerability in multipart parser

This commit fixes a ReDoS vulnerability when parsing the Content-Disposition field in multipart attachments Thanks to @ooooooo_q for the patch! [CVE-2022-44571]
author: Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:14:29 -0800
committer: Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:30:11 -0800
commit: 4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (patch)
tree: 95ac04ad4c23b04f8e19f8fb805dc3e48bea3879
parent: 52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (diff)
download: rack-4e33ad10bf5f16d25c156f905bcc548e7f787bc3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
index 22c0eaec..7a49ef62 100644
--- a/lib/rack/multipart.rb
+++ b/lib/rack/multipart.rb
@@ -16,7 +16,7 @@ module Rack
     VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
     BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name=(#{VALUE})/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s+name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
     # Updated definitions from RFC 2231
     ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
author	Aaron Patterson <tenderlove@ruby-lang.org>	2023-01-17 12:14:29 -0800
committer	Aaron Patterson <tenderlove@ruby-lang.org>	2023-01-17 12:30:11 -0800
commit	4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (patch)
tree	95ac04ad4c23b04f8e19f8fb805dc3e48bea3879
parent	52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (diff)
download	rack-4e33ad10bf5f16d25c156f905bcc548e7f787bc3.tar.gz