diff options
author | nagachika <nagachika@ruby-lang.org> | 2021-04-29 17:20:52 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2021-04-29 17:20:52 +0900 |
commit | 58240b5d0b52d9685b773e5b9e45d22ca500392a (patch) | |
tree | d27c86169056f3b5f5e8bfbf98640af44e21b162 /test/net | |
parent | 13f93ad16d3d1ecf96ece229cd4bc5ea294e1a71 (diff) |
merge revision(s) 4ae27d8075b2d138d13cb2b112f0ee50934b3017,2670509ebba5ba31a5bf34cf906943075446e005,8e2ac2140d1cd9c163c1556df58c020dc22ab269:
[ruby/net-ftp] Reduce resource cosumption of Net::FTP::TIME_PARSER
Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.
https://github.com/ruby/net-ftp/commit/a93af636f8
---
lib/net/ftp.rb | 5 +++--
test/net/ftp/test_ftp.rb | 11 +++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
[ruby/net-ftp] Add test cases
https://github.com/ruby/net-ftp/commit/865232bb2a
---
test/net/ftp/test_ftp.rb | 6 ++++++
1 file changed, 6 insertions(+)
test/net/ftp/test_ftp.rb: reduce the size of a long response
"9" * 999999999 (about 1 GB) was too large for some CI servers.
This commit changes the size to 999999 (about 1 MB).
http://rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20210427T141707Z.fail.html.gz
http://rubyci.s3.amazonaws.com/raspbian10-aarch64/ruby-master/log/20210427T145408Z.fail.html.gz
---
test/net/ftp/test_ftp.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Diffstat (limited to 'test/net')
-rw-r--r-- | test/net/ftp/test_ftp.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index 023e79435a..318e4c8856 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -2474,6 +2474,23 @@ EOF end end + def test_time_parser + s = "20371231000000" + assert_equal(Time.utc(2037, 12, 31, 0, 0, 0), + Net::FTP::TIME_PARSER[s]) + s = "20371231000000.123456" + assert_equal(Time.utc(2037, 12, 31, 0, 0, 0, 123456), + Net::FTP::TIME_PARSER[s]) + s = "20371231000000." + "9" * 999999 + assert_equal(Time.utc(2037, 12, 31, 0, 0, 0, + 99999999999999999r / 100000000000), + Net::FTP::TIME_PARSER[s]) + e = assert_raise(Net::FTPProtoError) { + Net::FTP::TIME_PARSER["x" * 999999] + } + assert_equal("invalid time-val: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...", e.message) + end + private def create_ftp_server(sleep_time = nil) |