Fix quadratic backtracking on invalid port number

https://hackerone.com/reports/1958260
ruby · Jun 20, 2023 · 7e33934 · 7e33934
1 parent ba36c8a
commit 7e33934
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
@@ -100,7 +100,7 @@ def default_regexp # :nodoc:
         QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
         OPAQUE: /\A(?:[^\/].*)?\z/,
-        PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
+        PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
       }
     end
 

diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
@@ -91,4 +91,14 @@ def test_rfc2822_parse_relative_uri
       end
     end
   end
+
+  def test_rfc3986_port_check
+    pre = ->(length) {"\t" * length + "a"}
+    uri = URI.parse("http://my.example.com")
+    assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
+      assert_raise(URI::InvalidComponentError) do
+        uri.port = port
+      end
+    end
+  end
 end