From 9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Tue, 17 Jan 2023 12:14:29 -0800 Subject: [PATCH] Fix ReDoS vulnerability in multipart parser This commit fixes a ReDoS vulnerability when parsing the Content-Disposition field in multipart attachments Thanks to @ooooooo_q for the patch! [CVE-2022-44571] --- lib/rack/multipart.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/rack/multipart.rb +++ b/lib/rack/multipart.rb @@ -18,7 +18,7 @@ VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/ BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni - MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni + MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni # Updated definitions from RFC 2231 ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}