packages/rubygem-rack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rubygem-rack/Fix-CVE-2022-44570.patch
zouzhimin 506df6251b Fix CVE-2022-44570 
(cherry picked from commit 5de9014905bf9a04855c54a03662d34c84b6f02c)
2024-04-15 15:10:40 +08:00

45 lines
1.3 KiB
Diff
Raw Blame History

From f6d4f528f2df1318a6612845db0b59adc7fe8fc1 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Tue, 17 Jan 2023 12:04:37 -0800
Subject: [PATCH] Fix ReDoS in Rack::Utils.get_byte_ranges
This commit fixes a ReDoS problem in `get_byte_ranges`. Thanks
@ooooooo_q for the patch!
[CVE-2022-44570]
---
lib/rack/utils.rb | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 34849ded..14d9e17d 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -348,17 +348,18 @@ module Rack
return nil unless http_range && http_range =~ /bytes=([^;]+)/
ranges = []
$1.split(/,\s*/).each do |range_spec|
- return nil unless range_spec =~ /(\d*)-(\d*)/
- r0, r1 = $1, $2
- if r0.empty?
- return nil if r1.empty?
+ return nil unless range_spec.include?('-')
+ range = range_spec.split('-')
+ r0, r1 = range[0], range[1]
+ if r0.nil? || r0.empty?
+ return nil if r1.nil?
# suffix-byte-range-spec, represents trailing suffix of file
r0 = size - r1.to_i
r0 = 0 if r0 < 0
r1 = size - 1
else
r0 = r0.to_i
- if r1.empty?
+ if r1.nil?
r1 = size - 1
else
r1 = r1.to_i
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink