From: Alex Young
Date: 2011-08-03T01:15:07+09:00
Subject: [ruby-core:38726] [Ruby 1.9 - Bug #5149] Specific combination of regexp and string causes 100% CPU and doesn't recover

Issue #5149 has been updated by Alex Young.

File uri.patch added

I'd disagree with the location of this bug. I've had a quick look, and while this doesn't look like a Ruby bug, perhaps it ought to be.

The regex as given:

  /\A(?:%\h\h|[^%]+)*\z/

does not appear in Rack, but *does* appear in lib/ruby/1.9.1/uri/common.rb (line 778 in -p290). Rack has this:

  /\A(?:%[0-9a-fA-F]{2}|[^%])*\z/

This would not appear to suffer from the same exponential behaviour as that in URI, while apparently validating the same strings. Perhaps the appropriate substitution should be made in uri/common.rb?

Patch untested, but "looks right".

----------------------------------------
Bug #5149: Specific combination of regexp and string causes 100% CPU and doesn't recover
http://redmine.ruby-lang.org/issues/5149

Author: Gregory Mostizky
Status: Open
Priority: Urgent
Assignee:
Category:
Target version:
ruby -v: ruby 1.9.2p136 (2010-12-25 revision 30365) [i686-linux

Specific combination of regexp and string can cause ruby process to hang with 100% CPU.

Reproducing (in irb):

/\A(?:%\h\h|[^%]+)*\z/ =~ "199542328.1312293792.1.1.utmcsr%3Dgoogle%7Cutmccn%"
(above hangs indefinitely with 100% cpu)

/\A(?:%\h\h|[^%]+)*\z/ =~ "199542328.1312293792.1.1.utmcsr%3Dgoogle%7Cutmccn"
(same but without % at the end returns successfully)

The code in question is found in Rack:Utils (v1.3.2, not used in v1.2.1) and can basically "kill" any server process (happened to us in production on a thin machine after we upgraded to newer rack).

The above bug means that it is very easy to perform DoS on affected ruby server.

--
http://redmine.ruby-lang.org
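Added example, not part of the original message and not Ruby or Rack code: a step-counting model of a naive backtracking matcher for the two patterns compared in the message, showing why `[^%]+` inside `(...)*` blows up on a dangling `%` while the single-character `[^%]` stays linear. `walk` and `match_steps` are hypothetical names, the `"a" * n + "%"` inputs are constructed, and a real regex engine's step counts will differ from this model's.

```ruby
# Added example: step-counting model of a naive backtracking matcher for
#   \A(?:%\h\h|[^%]+)*\z   (greedy: true,  the uri/common.rb pattern)
#   \A(?:%\h\h|[^%])*\z    (greedy: false, same shape as the Rack pattern)
# It counts positions tried; a real regex engine's numbers will differ.

def walk(str, pos, greedy, counter)
  counter[0] += 1
  return true if pos == str.length                # \z matches here

  if str[pos] == "%"
    # Only the %\h\h alternative can match a "%".
    return false unless str[pos + 1, 2].to_s.match?(/\A\h\h\z/)
    return walk(str, pos + 3, greedy, counter)
  end

  # Single-character alternative: exactly one way to consume this char.
  return walk(str, pos + 1, greedy, counter) unless greedy

  # [^%]+ : take the longest run first, then give back one char at a time.
  # Every shorter split is retried by the enclosing (...)*.
  run_end = pos
  run_end += 1 while run_end < str.length && str[run_end] != "%"
  run_end.downto(pos + 1) do |stop|
    return true if walk(str, stop, greedy, counter)
  end
  false
end

# Returns [matched?, positions_tried].
def match_steps(str, greedy:)
  counter = [0]
  [walk(str, 0, greedy, counter), counter[0]]
end

# Constructed inputs: n non-% characters followed by a dangling "%".
[4, 8, 12, 16].each do |n|
  input = "a" * n + "%"
  _, plus   = match_steps(input, greedy: true)
  _, single = match_steps(input, greedy: false)
  puts format("n=%-2d  [^%%]+ steps=%-6d  [^%%] steps=%d", n, plus, single)
end
```

In the model each extra non-`%` character before the dangling `%` doubles the work for the `[^%]+` form and adds one step for the `[^%]` form.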