ruby-changes:58070

https://git.ruby-lang.org/ruby.git/commit/?id=05cdcdc6ec

From 05cdcdc6ec7f0777ba56100308e54e97e277293f Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Oct 2019 10:59:42 +0000
Subject: merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03

Loop with String#scan without creating substrings

Create the substrings necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67811 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb
index 94f849a..c2d5c16 100644
--- a/lib/webrick/httpauth/digestauth.rb
+++ b/lib/webrick/httpauth/digestauth.rb
@@ -290,23 +290,8 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httpauth/digestauth.rb#L290
 
       def split_param_value(string)
         ret = {}
-        while string.bytesize != 0
-          case string
-          when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/
-            key = $1
-            matched = $2
-            string = $'
-            ret[key] = matched.gsub(/\\(.)/, "\\1")
-          when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/
-            key = $1
-            matched = $2
-            string = $'
-            ret[key] = matched.clone
-          when /^s*^,/
-            string = $'
-          else
-            break
-          end
+        string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do
+          ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1")
         end
         ret
       end
diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb
index ff539f0..e407dd4 100644
--- a/test/webrick/test_httpauth.rb
+++ b/test/webrick/test_httpauth.rb
@@ -292,6 +292,28 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httpauth.rb#L292
     }
   end
 
+  def test_digest_auth_invalid
+    digest_auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'realm', UserDB: '')
+
+    def digest_auth.error(fmt, *)
+    end
+
+    def digest_auth.try_bad_request(len)
+      request = {"Authorization" => %[Digest a="#{'\b'*len}]}
+      authenticate request, nil
+    end
+
+    bad_request = WEBrick::HTTPStatus::BadRequest
+    t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+    assert_raise(bad_request) {digest_auth.try_bad_request(10)}
+    limit = (Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0)
+    [20, 50, 100, 200].each do |len|
+      assert_raise(bad_request) do
+        Timeout.timeout(len*limit) {digest_auth.try_bad_request(len)}
+      end
+    end
+  end
+
   private
   def credentials_for_request(user, password, params, body = nil)
     cnonce = "hoge"
diff --git a/version.h b/version.h
index f8eb732..91f84e7 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1
 #define RUBY_VERSION "2.5.7"
 #define RUBY_RELEASE_DATE "2019-10-01"
-#define RUBY_PATCHLEVEL 203
+#define RUBY_PATCHLEVEL 204
 
 #define RUBY_RELEASE_YEAR 2019
 #define RUBY_RELEASE_MONTH 10
-- 
cgit v0.10.2


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/