From 1eff362492f4a0ca8d6d036c958afa7961e827f0 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Sat, 22 Apr 2023 20:08:32 +0900
Subject: [PATCH] [ruby/uri] Fix quadratic backtracking on invalid relative URI

https://hackerone.com/reports/1958260

https://github.com/ruby/uri/commit/9010ee2536
---
 lib/uri/rfc2396_parser.rb |  4 ++--
 test/uri/test_parser.rb   | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
index 76a8f99fd48ccd..00c66cf0422213 100644
--- a/lib/uri/rfc2396_parser.rb
+++ b/lib/uri/rfc2396_parser.rb
@@ -497,8 +497,8 @@ def initialize_regexp(pattern)
       ret = {}
 
       # for URI::split
-      ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
-      ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+      ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
 
       # for URI::extract
       ret[:URI_REF]     = Regexp.new(pattern[:URI_REF])
diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
index 70d476b0c46092..55abe2c583a83f 100644
--- a/test/uri/test_parser.rb
+++ b/test/uri/test_parser.rb
@@ -87,4 +87,16 @@ def test_split
       URI.parse("foo@example:foo")
     end
   end
+
+  def test_rfc2822_parse_relative_uri
+    pre = ->(length) {
+      " " * length + "\0"
+    }
+    parser = URI::RFC2396_Parser.new
+    assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
+      assert_raise(URI::InvalidURIError) do
+        parser.split(uri)
+      end
+    end
+  end
 end