Fix ReDoS vulnerability in multipart parser

This commit fixes a ReDoS vulnerability when parsing the Content-Disposition field in multipart attachments Thanks to @ooooooo_q for the patch! [CVE-2022-44571]
rack · Jan 17, 2023 · ee25ab9 · ee25ab9
1 parent 19e49f0
commit ee25ab9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
@@ -18,7 +18,7 @@ module Multipart
  VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
  BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
  MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
- MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
+ MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
  MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
  # Updated definitions from RFC 2231
  ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}