32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
|
From ee25ab9a7ee981d7578f559701085b0cf39bde77 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Aaron Patterson <tenderlove@ruby-lang.org>
|
||
|
|
Date: Tue, 17 Jan 2023 12:14:29 -0800
|
||
|
|
Subject: [PATCH] Fix ReDoS vulnerability in multipart parser
|
||
|
|
|
||
|
|
This commit fixes a ReDoS vulnerability when parsing the
|
||
|
|
Content-Disposition field in multipart attachments
|
||
|
|
|
||
|
|
Thanks to @ooooooo_q for the patch!
|
||
|
|
|
||
|
|
[CVE-2022-44571]
|
||
|
|
---
|
||
|
|
lib/rack/multipart.rb | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
|
||
|
|
index 7695fe76..fdae808a 100644
|
||
|
|
--- a/lib/rack/multipart.rb
|
||
|
|
+++ b/lib/rack/multipart.rb
|
||
|
|
@@ -18,7 +18,7 @@ module Rack
|
||
|
|
VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
|
||
|
|
BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
|
||
|
|
MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
|
||
|
|
- MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
|
||
|
|
+ MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
|
||
|
|
MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
|
||
|
|
# Updated definitions from RFC 2231
|
||
|
|
ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}
|
||
|
|
--
|
||
|
|
2.25.1
|
||
|
|
|