From ee7919ea04303717858be1c3f16b406adc6d8cff Mon Sep 17 00:00:00 2001
From: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Mon, 13 Mar 2023 10:58:13 -0700
Subject: [PATCH] Avoid ReDoS problem

Split headers on commas, then strip the strings in order to avoid ReDoS
issues.

[CVE-2023-27539]
---
 lib/rack/request.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rack/request.rb b/lib/rack/request.rb
index 750a0dc4..fea98459 100644
--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -572,8 +572,8 @@ module Rack
       end
 
       def parse_http_accept_header(header)
-        header.to_s.split(/\s*,\s*/).map do |part|
-          attribute, parameters = part.split(/\s*;\s*/, 2)
+        header.to_s.split(",").each(&:strip!).map do |part|
+          attribute, parameters = part.split(";", 2).each(&:strip!)
           quality = 1.0
           if parameters and /\Aq=([\d.]+)/ =~ parameters
             quality = $1.to_f
-- 
2.37.1