Skip to content

Commit

Permalink
Remove catastrophic backtracking in regex
Browse files Browse the repository at this point in the history 
This updates the regular expression so that there is no longer a chance
for it to end up catastrophically backtracking and locking up the
process.
  • Loading branch information
@digitalresistor
digitalresistor committed Feb 2, 2020
1 parent 8af9adb commit ac0ca05
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions waitress/rfc7230.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,13 @@
# field-vchar ]

FIELD_VCHAR = "[" + VCHAR + OBS_TEXT + "]"
FIELD_CONTENT = FIELD_VCHAR + "([ \t" + VCHAR + OBS_TEXT + "]+" + FIELD_VCHAR + "){,1}"
FIELD_VALUE = "(" + FIELD_CONTENT + "){0,}"
# Field content is more greedy than the ABNF, in that it will match the whole value
FIELD_CONTENT = FIELD_VCHAR + "+(?:[ \t]+" + FIELD_VCHAR + "+)*"
# Which allows the field value here to just see if there is even a value in the first place
FIELD_VALUE = "(?:" + FIELD_CONTENT + ")?"

HEADER_FIELD = re.compile(
tobytes(
"^(?P<name>" + TOKEN + "):" + OWS + "(?P<value>" + FIELD_VALUE + ")" + OWS + "$"
)
)

OWS_STRIP = re.compile(OWS + "(?P<value>.*?)" + OWS)

0 comments on commit ac0ca05

Please sign in to comment.