From mboxrd@z Thu Jan  1 00:00:00 1970
Delivered-To: chneukirchen@gmail.com
Received: by 10.229.96.67 with SMTP id g3csp225423qcn; Sun, 6 May 2012
 17:39:19 -0700 (PDT)
Return-Path: <rack-devel+bncCLPHydXMHRC3s5z9BBoEs-h5uA@googlegroups.com>
Received-SPF: pass (google.com: domain of
 rack-devel+bncCLPHydXMHRC3s5z9BBoEs-h5uA@googlegroups.com designates
 10.68.216.104 as permitted sender) client-ip=10.68.216.104;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of
 rack-devel+bncCLPHydXMHRC3s5z9BBoEs-h5uA@googlegroups.com designates
 10.68.216.104 as permitted sender)
 smtp.mail=rack-devel+bncCLPHydXMHRC3s5z9BBoEs-h5uA@googlegroups.com;
 dkim=pass header.i=rack-devel+bncCLPHydXMHRC3s5z9BBoEs-h5uA@googlegroups.com
Received: from mr.google.com ([10.68.216.104]) by 10.68.216.104 with SMTP id
 op8mr11248359pbc.1.1336351159275 (num_hops = 1); Sun, 06 May 2012 17:39:19
 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com;
 s=beta; h=x-beenthere:received-spf:mime-version:subject:from:in-reply-to:date
 :message-id:references:to:x-mailer:x-original-sender
 :x-original-authentication-results:reply-to:precedence:mailing-list
 :list-id:x-google-group-id:list-post:list-help:list-archive:sender
 :list-subscribe:list-unsubscribe:content-type :content-transfer-encoding;
 bh=W7WiD7qbN0GKLcL/UAaeUDxlkvmR4+yk0K7zLPPMjs4=;
 b=le7lSuS4fluQnbCp2JkmFKCCMJhRKt4sYHD3R35g9EoL/X+Cns74+0Ay0lwEuj1nWa
 3BIOATmJMMJMkbQDo6E/ZryQDXxRBejwlQoL7IgXKXyPQoDvL/BYyHfZk835joFLtBMT
 QhxoypW+B+vgd6wh9LQFbRvifzIl24NCWzIh4=
Received: by 10.68.216.104 with SMTP id op8mr1500457pbc.1.1336351159150; Sun,
 06 May 2012 17:39:19 -0700 (PDT)
X-BeenThere: rack-devel@googlegroups.com
Received: by 10.68.222.193 with SMTP id qo1ls11810496pbc.9.gmail; Sun, 06 May
 2012 17:39:18 -0700 (PDT)
Received: by 10.68.234.38 with SMTP id ub6mr4644453pbc.2.1336351158757; Sun,
 06 May 2012 17:39:18 -0700 (PDT)
Received: by 10.68.234.38 with SMTP id ub6mr4644451pbc.2.1336351158744; Sun,
 06 May 2012 17:39:18 -0700 (PDT)
Received: from mail-pb0-f47.google.com (mail-pb0-f47.google.com
 [209.85.160.47]) by gmr-mx.google.com with ESMTPS id
 or6si2566378pbc.0.2012.05.06.17.39.18 (version=TLSv1/SSLv3 cipher=OTHER);
 Sun, 06 May 2012 17:39:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of lawrence.pit@gmail.com designates
 209.85.160.47 as permitted sender) client-ip=209.85.160.47;
Received: by pbbrq2 with SMTP id rq2so5838118pbb.20 for
 <rack-devel@googlegroups.com>; Sun, 06 May 2012 17:39:18 -0700 (PDT)
Received: by 10.68.233.2 with SMTP id ts2mr2646722pbc.27.1336351158562; Sun,
 06 May 2012 17:39:18 -0700 (PDT)
Received: from [10.0.1.2] (80.84.233.220.static.exetel.com.au.
 [220.233.84.80]) by mx.google.com with ESMTPS id
 u5sm16381732pbu.76.2012.05.06.17.39.16 (version=TLSv1/SSLv3 cipher=OTHER);
 Sun, 06 May 2012 17:39:17 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Subject: Re: bug report and unit test for infinite loop parsing
 Content-Disposion header
From: Lawrence Pit <lawrence.pit@gmail.com>
In-Reply-To: <20120504233415.GA25832@dcvr.yhbt.net>
Date: Mon, 7 May 2012 10:39:11 +1000
Message-Id: <DDB223C8-A00C-4EB5-9121-D370EA9264AF@gmail.com>
References:
 <eac87456-daa9-4544-a0d8-4538b7059559@o3g2000pby.googlegroups.com>
 <20120504233415.GA25832@dcvr.yhbt.net>
To: rack-devel@googlegroups.com
X-Mailer: Apple Mail (2.1257)
X-Original-Sender: lawrence.pit@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com:
 domain of lawrence.pit@gmail.com designates 209.85.160.47 as permitted
 sender) smtp.mail=lawrence.pit@gmail.com; dkim=pass header.i=@gmail.com
Reply-To: rack-devel@googlegroups.com
Precedence: list
Mailing-list: list rack-devel@googlegroups.com; contact
 rack-devel+owners@googlegroups.com
List-ID: <rack-devel.googlegroups.com>
X-Google-Group-Id: 486215384060
List-Post: <http://groups.google.com/group/rack-devel/post?hl=en_US>,
 <mailto:rack-devel@googlegroups.com>
List-Help: <http://groups.google.com/support/?hl=en_US>,
 <mailto:rack-devel+help@googlegroups.com>
List-Archive: <http://groups.google.com/group/rack-devel?hl=en_US>
Sender: rack-devel@googlegroups.com
List-Subscribe:
 <http://groups.google.com/group/rack-devel/subscribe?hl=en_US>,
 <mailto:rack-devel+subscribe@googlegroups.com>
List-Unsubscribe:
 <http://groups.google.com/group/rack-devel/subscribe?hl=en_US>,
 <mailto:googlegroups-manage+486215384060+unsubscribe@googlegroups.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


Given the value of DISPPARM must always have at least 1 character =
(according to RFC2183 and RFC2045) that fix seems correct to me.

In addition I would make the TOKEN regexp non-greedy (for the =
BROKEN_UNQUOTED case):

    TOKEN =3D /[^\s()<>,;:\\"\/\[\]?=3D]+?/

Also, why is the "@" character accepted as part of a TOKEN? It is part =
of the tspecials (in RFC2045), so I think it should not be accepted as a =
valid token character.


Cheers,
Lawrence


> I think the following should fix your issue (but I'm not sure it's
> correct):
>=20
> diff --git a/lib/rack/multipart.rb b/lib/rack/multipart.rb
> index 3777106..6849248 100644
> --- a/lib/rack/multipart.rb
> +++ b/lib/rack/multipart.rb
> @@ -12,7 +12,7 @@ module Rack
>     MULTIPART =3D %r|\Amultipart/.*boundary=3D\"?([^\";,]+)\"?|n
>     TOKEN =3D /[^\s()<>,;:\\"\/\[\]?=3D]+/
>     CONDISP =3D /Content-Disposition:\s*#{TOKEN}\s*/i
> -    DISPPARM =3D /;\s*(#{TOKEN})=3D("(?:\\"|[^"])*"|#{TOKEN})*/
> +    DISPPARM =3D /;\s*(#{TOKEN})=3D("(?:\\"|[^"])*"|#{TOKEN})/
>     RFC2183 =3D /^#{CONDISP}(#{DISPPARM})+$/i
>     BROKEN_QUOTED =3D =
/^#{CONDISP}.*;\sfilename=3D"(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=3D)/i
>     BROKEN_UNQUOTED =3D /^#{CONDISP}.*;\sfilename=3D(#{TOKEN})/i