ruby.git - The Ruby Programming Language

diff options

author	Kazuki Yamaguchi <k@rhe.jp>	2026-04-13 19:16:59 +0900
committer	git <svn-admin@ruby-lang.org>	2026-05-30 09:03:21 +0000
commit	0765e35cba266e577db3b8542226791a2122d184 (patch)
tree	40dcea9a480a665f2d4b6eda5fd5edf989c8891f /spec/ruby/library/net-http/http/lock_spec.rb
parent	6fa38d36257dea94dd1e68f8e6447e1863854848 (diff)

[ruby/openssl] asn1: limit nesting depth in OpenSSL::ASN1.decodeHEAD master

Feeding a deeply nested constructed encoding to OpenSSL::ASN1.decode, .decode_all, or .traverse can cause unbounded recursion and result in SystemStackError. Add an explicit nesting depth limit of 200 levels and raise OpenSSL::ASN1::ASN1Error if it is exceeded. This limit is arbitrary and currently not configurable, but should be sufficient for any practical use cases. Fixes https://hackerone.com/reports/3662125 https://github.com/ruby/openssl/commit/fc753239cc

Diffstat (limited to 'spec/ruby/library/net-http/http/lock_spec.rb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: