[ruby/uri] Fix quadratic backtracking on invalid port number
https://hackerone.com/reports/1958260 https://github.com/ruby/uri/commit/9d7bcef1e6
parent
1eff362492
commit
995ce947be
@ -164,7 +164,7 @@ module URI
|
|||||||
QUERY: %r[\A(?:%\h\h|[!$&-.0-9:;=@A-Z_a-z~/?])*+\z],
|
QUERY: %r[\A(?:%\h\h|[!$&-.0-9:;=@A-Z_a-z~/?])*+\z],
|
||||||
FRAGMENT: %r[\A#{FRAGMENT}\z]o,
|
FRAGMENT: %r[\A#{FRAGMENT}\z]o,
|
||||||
OPAQUE: %r[\A(?:[^/].*)?\z],
|
OPAQUE: %r[\A(?:[^/].*)?\z],
|
||||||
PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
|
PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
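Review bot: The possessive `*+` on the leading whitespace class in the new `PORT` pattern carries the whole fix, but nothing on the line says so, and a later tidy-up could turn it back into `*` and reintroduce the quadratic backtracking. I would add a comment above the entry, for example `# leading whitespace is possessive (*+): giving whitespace back can never help the match, so invalid input fails in linear time`. The remaining `\d*` and the trailing whitespace `*` look safe because the pattern is anchored with `\A` and the digit and whitespace classes are disjoint, but writing them possessive too would make that evident without analysis. The enclosing hash literal starts outside the hunk.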
@ -99,4 +99,14 @@ class URI::TestParser < Test::Unit::TestCase
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_rfc3986_port_check
|
||||||
|
pre = ->(length) {"\t" * length + "a"}
|
||||||
|
uri = URI.parse("http://my.example.com")
|
||||||
|
assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
|
||||||
|
assert_raise(URI::InvalidComponentError) do
|
||||||
|
uri.port = port
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
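Review bot: The new test only exercises a long whitespace run in front of the port (`"\t" * length + "a"`), so the trailing whitespace quantifier in `PORT`, which is still a plain `*`, has no regression coverage. A second `assert_linear_performance` case with `pre = ->(length) {"1" + "\t" * length + "a"}` and the same `assert_raise(URI::InvalidComponentError)` body would pin linear behaviour for the run after the digits as well. A one-line comment above `pre` saying that the input is a long whitespace run ended by an invalid character would also tell the next reader what the test guards. The test class starts outside the hunk.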