Skip to content

gh-146333: Fix quadratic regex backtracking in configparser option parsing #146399

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
joshuaswanson wants to merge 2 commits into
base: main
Choose a base branch
from
Open

gh-146333: Fix quadratic regex backtracking in configparser option parsing #146399

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
85407ee
gh-146333: Fix quadratic regex backtracking in configparser option pa…
joshuaswanson Mar 24, 2026
ef1c148
Use negative lookahead in option regex to prevent backtracking
joshuaswanson Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions Lib/configparser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -613,15 +613,19 @@ class RawConfigParser(MutableMapping):
\] # ]
"""
_OPT_TMPL = r"""
(?P<option>.*?) # very permissive!
(?P<option> # very permissive!
(?:(?!{delim})\S)* # non-delimiter non-whitespace
(?:\s+(?:(?!{delim})\S)+)*) # optionally more words
\s*(?P<vi>{delim})\s* # any number of space/tab,
# followed by any of the
# allowed delimiters,
# followed by any space/tab
(?P<value>.*)$ # everything up to eol
"""
_OPT_NV_TMPL = r"""
(?P<option>.*?) # very permissive!
(?P<option> # very permissive!
(?:(?!{delim})\S)* # non-delimiter non-whitespace
(?:\s+(?:(?!{delim})\S)+)*) # optionally more words
\s*(?: # any number of space/tab,
(?P<vi>{delim})\s* # optionally followed by
# any of the allowed
Expand Down
20 changes: 20 additions & 0 deletions Lib/test/test_configparser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2270,6 +2270,26 @@ def test_section_bracket_in_key(self):
output.close()


class ReDoSTestCase(unittest.TestCase):
"""Regression tests for quadratic regex backtracking (gh-146333)."""

def test_option_regex_does_not_backtrack(self):
# A line with many spaces between non-delimiter characters
# should be parsed in linear time, not quadratic.
parser = configparser.RawConfigParser()
content = "[section]\n" + "x" + " " * 40000 + "y" + "\n"
# This should complete almost instantly. Before the fix,
# it would take over a minute due to catastrophic backtracking.
with self.assertRaises(configparser.ParsingError):
parser.read_string(content)

def test_option_regex_no_value_does_not_backtrack(self):
parser = configparser.RawConfigParser(allow_no_value=True)
content = "[section]\n" + "x" + " " * 40000 + "y" + "\n"
parser.read_string(content)
self.assertTrue(parser.has_option("section", "x" + " " * 40000 + "y"))


class MiscTestCase(unittest.TestCase):
def test__all__(self):
support.check__all__(self, configparser, not_exported={"Error"})
Expand Down
3 changes: 3 additions & 0 deletions Misc/NEWS.d/next/Security/2026-03-25-00-51-03.gh-issue-146333.LqdL__bn.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fix quadratic backtracking in :class:`configparser.RawConfigParser` option
parsing regexes (``OPTCRE`` and ``OPTCRE_NV``). A crafted configuration line
with many whitespace characters could cause excessive CPU usage.
Loading