File rubygem-rack-CVE-2024-26146.patch of Package rubygem-rack.32805
From 30b8e39a578b25d4bdcc082c1c52c6f164b59716 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Wed, 21 Feb 2024 11:05:06 -0800
Subject: [PATCH] Fixing ReDoS in header parsing
Thanks svalkanov
[CVE-2024-26146]
---
lib/rack/utils.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: rack-1.6.13/lib/rack/utils.rb
===================================================================
--- rack-1.6.13.orig/lib/rack/utils.rb
+++ rack-1.6.13/lib/rack/utils.rb
@@ -203,8 +203,8 @@ module Rack
module_function :build_nested_query
def q_values(q_value_header)
- q_value_header.to_s.split(/\s*,\s*/).map do |part|
- value, parameters = part.split(/\s*;\s*/, 2)
+ q_value_header.to_s.split(',').map do |part|
+ value, parameters = part.split(';', 2).map(&:strip)
quality = 1.0
if md = /\Aq=([\d.]+)/.match(parameters)
quality = md[1].to_f
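Review bot: The two replaced `split` calls in `q_values` carry no comment explaining why literal delimiters plus `strip` are used instead of the `\s*`-wrapped regexes, and the diffstat shows only lib/rack/utils.rb changed, so nothing stops a later cleanup from reintroducing a regex. I would add above the first split `# Literal split + strip: the old /\s*,\s*/ and /\s*;\s*/ backtracked badly on long whitespace runs (CVE-2024-26146)`, and add a regression test that runs `q_values` on a long whitespace-padded header under a time bound. One behaviour shift to confirm with callers: a whitespace-only segment (as in `"a, ,b"`) now yields `""` as the value where the old regex split yielded `nil`, while a truly empty segment still yields `nil`. The body of `q_values` continues past the end of the hunk, so how the returned pairs are consumed is not visible here.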