gh-146333: Fix quadratic regex backtracking in configparser option parsing

joshuaswanson · joshuaswanson · commit 12c55b16776a · 2026-03-25T00:57:03.000+01:00
diff --git a/Lib/configparser.py b/Lib/configparser.py
@@ -614,17 +614,14 @@ class RawConfigParser(MutableMapping):
         """
     _OPT_TMPL = r"""
         (?P<option>.*?)                    # very permissive!
-        \s*(?P<vi>{delim})\s*              # any number of space/tab,
-                                           # followed by any of the
-                                           # allowed delimiters,
+        (?P<vi>{delim})\s*                 # any of the allowed delimiters,
                                            # followed by any space/tab
         (?P<value>.*)$                     # everything up to eol
         """
     _OPT_NV_TMPL = r"""
         (?P<option>.*?)                    # very permissive!
-        \s*(?:                             # any number of space/tab,
-        (?P<vi>{delim})\s*                 # optionally followed by
-                                           # any of the allowed
+        (?:                                # optionally:
+        (?P<vi>{delim})\s*                 # any of the allowed
                                            # delimiters, followed by any
                                            # space/tab
         (?P<value>.*))?$                   # everything up to eol
diff --git a/Lib/test/test_configparser.py b/Lib/test/test_configparser.py
@@ -2270,6 +2270,30 @@ def test_section_bracket_in_key(self):
         output.close()
 
 
+class ReDoSTestCase(unittest.TestCase):
+    """Regression tests for quadratic regex backtracking (gh-146333)."""
+
+    def test_option_regex_does_not_backtrack(self):
+        # A line with many spaces between non-delimiter characters
+        # should be parsed in linear time, not quadratic.
+        parser = configparser.RawConfigParser()
+        content = "[section]
+" + "x" + " " * 40000 + "y" + "
+"
+        # This should complete almost instantly. Before the fix,
+        # it would take over a minute due to catastrophic backtracking.
+        with self.assertRaises(configparser.ParsingError):
+            parser.read_string(content)
+
+    def test_option_regex_no_value_does_not_backtrack(self):
+        parser = configparser.RawConfigParser(allow_no_value=True)
+        content = "[section]
+" + "x" + " " * 40000 + "y" + "
+"
+        parser.read_string(content)
+        self.assertTrue(parser.has_option("section", "x" + " " * 40000 + "y"))
+
+
 class MiscTestCase(unittest.TestCase):
     def test__all__(self):
         support.check__all__(self, configparser, not_exported={"Error"})
diff --git a/Misc/NEWS.d/next/Security/2026-03-25-00-51-03.gh-issue-146333.LqdL__bn.rst b/Misc/NEWS.d/next/Security/2026-03-25-00-51-03.gh-issue-146333.LqdL__bn.rst
@@ -0,0 +1,3 @@
+Fix quadratic backtracking in :class:`configparser.RawConfigParser` option
+parsing regexes (``OPTCRE`` and ``OPTCRE_NV``). A crafted configuration line
+with many whitespace characters could cause excessive CPU usage.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+Fix quadratic backtracking in :class:`configparser.RawConfigParser` option
	`2`	+parsing regexes (``OPTCRE`` and ``OPTCRE_NV``). A crafted configuration line
	`3`	`+with many whitespace characters could cause excessive CPU usage.`