Issue #5149 has been updated by Bartosz Dz.


No, this is a buggy regex - a case of catastrophic backtracking. http://www.regular-expressions.info/catastrophic.html 

Removing the "+" after [^%] fixes it.

This is because both this "+" is greedy and the "*" at the end are greedy, so Ruby tries to match as many "[^%]"s as possible, and then to match the result as many times as possible; obviously it fails (since the next character is the percent sign), then it backtracks to one less character, and tries to match this; then again, and again. Number of repetitions skyrockets and boom, everything hangs while Ruby tries hard to backtrack and backtrack.
----------------------------------------
Bug #5149: Specific combination of regexp and string causes 100% CPU and doesn't recover
http://redmine.ruby-lang.org/issues/5149

Author: Gregory Mostizky
Status: Open
Priority: Urgent
Assignee: 
Category: 
Target version: 
ruby -v: ruby 1.9.2p136 (2010-12-25 revision 30365) [i686-linux


Specific combination of regexp and string can cause ruby process to hang with 100% CPU.

Reproducing (in irb):
/\A(?:%\h\h|[^%]+)*\z/ =~ "199542328.1312293792.1.1.utmcsr%3Dgoogle%7Cutmccn%" 
(above hangs indefinably with 100% cpu)
/\A(?:%\h\h|[^%]+)*\z/ =~ "199542328.1312293792.1.1.utmcsr%3Dgoogle%7Cutmccn"
(same but without % at the end returns succesfully)

The code in question is found in Rack:Utils (v1.3.2, not used in v1.2.1) and can basically "kill" any server process (happened to us in production on a thin machine after we upgraded to newer rack). The above bug means that it is very easy to perform DoS on affected ruby server.



-- 
http://redmine.ruby-lang.org