From f66ef5c8255dcea82c1b2665fc9ab948b76bb437 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Tue, 17 Jan 2023 12:04:37 -0800
Subject: [PATCH] Fix ReDoS in Rack::Utils.get_byte_ranges

This commit fixes a ReDoS problem in `get_byte_ranges`.  Thanks
@ooooooo_q for the patch!

[CVE-2022-44570]
---
 lib/rack/utils.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -350,17 +350,18 @@
       return nil unless http_range && http_range =~ /bytes=([^;]+)/
       ranges = []
       $1.split(/,\s*/).each do |range_spec|
-        return nil  unless range_spec =~ /(\d*)-(\d*)/
-        r0, r1 = $1, $2
-        if r0.empty?
-          return nil  if r1.empty?
+        return nil unless range_spec.include?('-')
+        range = range_spec.split('-')
+        r0, r1 = range[0], range[1]
+        if r0.nil? || r0.empty?
+          return nil if r1.nil?
           # suffix-byte-range-spec, represents trailing suffix of file
           r0 = size - r1.to_i
           r0 = 0  if r0 < 0
           r1 = size - 1
         else
           r0 = r0.to_i
-          if r1.empty?
+          if r1.nil?
             r1 = size - 1
           else
             r1 = r1.to_i
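Review bot: The split-based parsing is no longer constrained to digits, so a malformed spec such as `bytes=abc-def`, which the old regex rejected (empty captures → nil), now passes the `include?('-')` check on the new side and reaches `to_i`, which silently maps the non-numeric parts to 0 and yields a 0..0 range instead of ignoring the header. A cheap anchored check after the `r0, r1 = range[0], range[1]` line restores the old strictness without reintroducing the backtracking, since `\A\d*\z` fails immediately on the first non-digit: `return nil unless [r0, r1].all? { |v| v.nil? || v.match?(/\A\d*\z/) }`. The same split also drops any third component of an input like `1-2-3` rather than rejecting it, which may be worth a comment stating that only the first two parts are used. The enclosing `get_byte_ranges` method starts before and continues after this hunk, so the comparison of r0 and r1 that follows the shown lines is not visible here.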
