diff options
| author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2022-11-29 16:22:15 +0900 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2023-03-30 10:44:38 +0000 |
| commit | aa3885501f89e4927a72ccc1f90ff9cbc4140e17 (patch) | |
| tree | a2b20cab3a83843e2865bb084aeae2da09341f0d /lib | |
| parent | 623027bf0b5ea8924bb0a680f8e1ddde5116a5df (diff) | |
[ruby/time] Fix quadratic backtracking on invalid time
https://hackerone.com/reports/1485501
https://github.com/ruby/time/commit/2444456fc1
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/time.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/time.rb b/lib/time.rb index 43c4d802e5..2c85f94cb2 100644 --- a/lib/time.rb +++ b/lib/time.rb @@ -509,8 +509,8 @@ class Time (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+ (\d{2,})\s+ (\d{2})\s* - :\s*(\d{2})\s* - (?::\s*(\d{2}))?\s+ + :\s*(\d{2}) + (?:\s*:\s*(\d{2}))?\s+ ([+-]\d{4}| UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date # Since RFC 2822 permit comments, the regexp has no right anchor. |