From 879d02107b5b3eb7aeaad1cd1f259bb41f17286b Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron@rubyonrails.org>
Date: Wed, 10 Feb 2021 09:36:15 -0800
Subject: [PATCH] Fix possible DoS vector in PostgreSQL money type

Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter.  This patch
fixes the regexp.

Thanks to @dee-see from Hackerone for this patch!

[CVE-2021-22880]
---
 activerecord/test/cases/adapters/postgresql/money_test.rb | 8 ++++++++
 1 files changed, 8 insertions(+)
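The commit message above describes the bug only in outline: a regexp that validates the money format can be driven into catastrophic backtracking by input such as a currency symbol followed by a very long run of separators. The block below is an added illustration, not the Active Record adapter's code and not the fix this patch ships: it is a single-pass, regexp-free parser for the same money shapes the test file exercises ("$2.25", "(2.25)" as a negative), extended to the two conventional thousands/decimal layouts "$12,345,678.12" and "$12.345.678,12", plus a probe that runs the parser under the same kind of wall-clock budget the regression test uses. The hostile strings are the two from the test; the helper names, the Rational return type and the choice to return 0 for rejected input (mirroring the 0.0 the test expects) are this example's own.

```ruby
require "timeout"

# Added example, not the Active Record PostgreSQL adapter's implementation.
# Rejected input maps to 0, matching the 0.0 the regression test expects.
INVALID_MONEY = Rational(0)

def digits_only?(str)
  !str.empty? && str.each_char.all? { |c| c.between?("0", "9") }
end

# Parse a money literal in O(n) with no backtracking: each character is
# visited a bounded number of times (one scan for the currency symbol, two
# rindex calls, one delete, one digit check).
def parse_money(value)
  return value unless value.is_a?(String)

  s = value.strip
  negative = false

  # Accounting-style negative: "(2.25)" => -2.25
  if s.start_with?("(") && s.end_with?(")")
    negative = true
    s = s[1...-1]
  end
  # Leading sign: "-$2.55" => -2.55
  if s.start_with?("-")
    negative = true
    s = s[1..]
  end

  # Skip a leading currency symbol: a run of characters that are neither
  # digits nor separators. A plain loop, unlike a quantified \D* inside a
  # larger pattern, has nothing to give back when a later part fails.
  i = 0
  i += 1 while i < s.length && !"0123456789.,".include?(s[i])
  body = s[i..]

  # The decimal separator is the last "." or ","; exactly two digits follow it.
  dec = [body.rindex("."), body.rindex(",")].compact.max
  return INVALID_MONEY if dec.nil?
  fraction = body[(dec + 1)..]
  return INVALID_MONEY unless fraction.length == 2 && digits_only?(fraction)

  # Everything before it is digits grouped by the *other* separator only.
  thousands_sep = body[dec] == "." ? "," : "."
  integer = body[0...dec].delete(thousands_sep)
  return INVALID_MONEY unless digits_only?(integer)

  amount = Rational("#{integer}.#{fraction}") # exact, no float rounding
  negative ? -amount : amount
end

# The two hostile inputs from the regression test (constructed here the same
# way): a symbol, a 100000-character run of separators, then a near-valid
# tail that makes a backtracking matcher revisit every split of the run.
REDOS_PROBES = [
  "$" + "," * 100_000 + ".11!",
  "$" + "." * 100_000 + ",11!",
].freeze

# Run a cast function under a wall-clock budget, as the test does with
# Timeout.timeout(0.1). A Timeout::Error means the parser is not linear.
def probe_money_parser(parser, inputs = REDOS_PROBES, limit: 0.1)
  inputs.map { |input| Timeout.timeout(limit) { parser.call(input) } }
end

if $PROGRAM_NAME == __FILE__
  p parse_money("$12,345,678.12"), parse_money("(2.25)"), parse_money("-$2.55")
  p probe_money_parser(method(:parse_money))
end
```

The probe is a regression guard, not a proof of linearity: a wall-clock budget can pass on a fast machine and fail on a loaded one. On Ruby 3.2 and later the complementary static check is `Regexp.linear_time?(re)`, and `Regexp.timeout=` caps any single match process-wide, which turns a ReDoS from a hang into a raised `Regexp::TimeoutError`.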

diff --git a/activerecord/test/cases/adapters/postgresql/money_test.rb b/activerecord/test/cases/adapters/postgresql/money_test.rb
index ff2ab22a8018..a442ce6d8cbd 100644
--- a/activerecord/test/cases/adapters/postgresql/money_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/money_test.rb
@@ -62,6 +62,14 @@ def test_money_type_cast
     assert_equal(-2.25, type.cast(+"(2.25)"))
   end
 
+  def test_money_regex_backtracking
+    type = PostgresqlMoney.type_for_attribute("wealth")
+    Timeout.timeout(0.1) do
+      assert_equal(0.0, type.cast("$" + "," * 100000 + ".11!"))
+      assert_equal(0.0, type.cast("$" + "." * 100000 + ",11!"))
+    end
+  end
+
   def test_schema_dumping
     output = dump_table_schema("postgresql_moneys")
     assert_match %r{t\.money\s+"wealth",\s+scale: 2$}, output
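Review bot: the diff as posted carries only the regression test (the stat line reads `1 files changed, 8 insertions(+)`), not the regexp change in the adapter that the subject line and the message ("This patch fixes the regexp") describe; applied on its own, test_money_regex_backtracking runs against the unchanged cast and fails under Timeout. Include the adapter change in the same patch, or state which commit carries it. Two smaller points on the new test: `Timeout.timeout(0.1)` is a wall-clock bound, so a loaded CI runner can fail it spuriously even with a linear regexp, and a larger budget would still catch catastrophic backtracking on a 100000-character input while being far less sensitive to machine load; and the test depends on `timeout` being loaded, which the test helper probably does already, but a `require "timeout"` at the top of money_test.rb makes the file self-contained.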