From mboxrd@z Thu Jan  1 00:00:00 1970
Delivered-To: chneukirchen@gmail.com
Received: by 10.229.96.67 with SMTP id g3csp138063qcn; Fri, 4 May 2012
 16:34:20 -0700 (PDT)
Return-Path: <rack-devel+bncCNSYpqGTFhD6zpH9BBoElNKpcA@googlegroups.com>
Received-SPF: pass (google.com: domain of
 rack-devel+bncCNSYpqGTFhD6zpH9BBoElNKpcA@googlegroups.com designates
 10.204.152.18 as permitted sender) client-ip=10.204.152.18;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of
 rack-devel+bncCNSYpqGTFhD6zpH9BBoElNKpcA@googlegroups.com designates
 10.204.152.18 as permitted sender)
 smtp.mail=rack-devel+bncCNSYpqGTFhD6zpH9BBoElNKpcA@googlegroups.com;
 dkim=pass header.i=rack-devel+bncCNSYpqGTFhD6zpH9BBoElNKpcA@googlegroups.com
Received: from mr.google.com ([10.204.152.18]) by 10.204.152.18 with SMTP id
 e18mr2114938bkw.16.1336174459116 (num_hops = 1); Fri, 04 May 2012 16:34:19
 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com;
 s=beta; h=x-beenthere:received-spf:date:from:to:subject:message-id:references
 :mime-version:in-reply-to:user-agent:x-original-sender
 :x-original-authentication-results:reply-to:precedence:mailing-list
 :list-id:x-google-group-id:list-post:list-help:list-archive:sender
 :list-subscribe:list-unsubscribe:content-type:content-disposition;
 bh=AaqSxkc590qv0CXuQydsOfUELpcJEHfBY7GDpRsUZFw=;
 b=NYgj/pD1BJD3NlUqm6V586FQcQHkH592DWksDEcZUWQbSVSF2HUW8VvaeH++NIRIkg
 DV64BZ+qAEVmbshf9JmClHCP7FdUUZt6Ak3+J3OxT4XADa+0xOoa0NBqOvA/QnyJNIgD
 mOCBMGMuGSt8vUc3WqZkduJZEYUKyCtfmHpGA=
Received: by 10.204.152.18 with SMTP id e18mr201651bkw.16.1336174458811; Fri,
 04 May 2012 16:34:18 -0700 (PDT)
X-BeenThere: rack-devel@googlegroups.com
Received: by 10.204.129.85 with SMTP id n21ls1594764bks.6.gmail; Fri, 04 May
 2012 16:34:17 -0700 (PDT)
Received: by 10.204.141.4 with SMTP id k4mr989564bku.6.1336174457718; Fri, 04
 May 2012 16:34:17 -0700 (PDT)
Received: by 10.204.141.4 with SMTP id k4mr989563bku.6.1336174457704; Fri, 04
 May 2012 16:34:17 -0700 (PDT)
Received: from dcvr.yhbt.net (dcvr.yhbt.net. [64.71.152.64]) by
 gmr-mx.google.com with ESMTP id p5si11744934bks.1.2012.05.04.16.34.17; Fri,
 04 May 2012 16:34:17 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 normalperson@yhbt.net designates 64.71.152.64 as permitted sender)
 client-ip=64.71.152.64;
Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net
 (Postfix) with ESMTP id 002DB1F5B9; Fri,  4 May 2012 23:34:15 +0000 (UTC)
Date: Fri, 4 May 2012 16:34:15 -0700
From: Eric Wong <normalperson@yhbt.net>
To: rack-devel@googlegroups.com
Subject: Re: bug report and unit test for infinite loop parsing
 Content-Disposion header
Message-ID: <20120504233415.GA25832@dcvr.yhbt.net>
References:
 <eac87456-daa9-4544-a0d8-4538b7059559@o3g2000pby.googlegroups.com>
MIME-Version: 1.0
In-Reply-To:
 <eac87456-daa9-4544-a0d8-4538b7059559@o3g2000pby.googlegroups.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Original-Sender: normalperson@yhbt.net
X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com:
 best guess record for domain of normalperson@yhbt.net designates 64.71.152.64
 as permitted sender) smtp.mail=normalperson@yhbt.net
Reply-To: rack-devel@googlegroups.com
Precedence: list
Mailing-list: list rack-devel@googlegroups.com; contact
 rack-devel+owners@googlegroups.com
List-ID: <rack-devel.googlegroups.com>
X-Google-Group-Id: 486215384060
List-Post: <http://groups.google.com/group/rack-devel/post?hl=en_US>,
 <mailto:rack-devel@googlegroups.com>
List-Help: <http://groups.google.com/support/?hl=en_US>,
 <mailto:rack-devel+help@googlegroups.com>
List-Archive: <http://groups.google.com/group/rack-devel?hl=en_US>
Sender: rack-devel@googlegroups.com
List-Subscribe:
 <http://groups.google.com/group/rack-devel/subscribe?hl=en_US>,
 <mailto:rack-devel+subscribe@googlegroups.com>
List-Unsubscribe:
 <http://groups.google.com/group/rack-devel/subscribe?hl=en_US>,
 <mailto:googlegroups-manage+486215384060+unsubscribe@googlegroups.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Paul Rogers <pmr16366@gmail.com> wrote:
> the regexp in the get_filename method in parser.rb seems to get stuck
> in an infinite loop on   the line with
> 
> if head =~ RFC2183

This is an unfortunate issue of the type of regexp engine used by Ruby

> This happens in the tests as well as in the unit test in the attached
> git commit ( is that the correct term?)

I'm not a regexp/finite-automata expert, but having multiple '*' or
mixing '*'/'+' in a regexp can be problematic.

I think the following should fix your issue (but I'm not sure it's
correct):

diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
index 3777106..6849248 100644
--- a/lib/rack/multipart.rb
+++ b/lib/rack/multipart.rb
@@ -12,7 +12,7 @@ module Rack
     MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|n
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})*/
+    DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/
     RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
     BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
     BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i