Fix quadratic backtracking on invalid time

https://hackerone.com/reports/1485501
author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2022-11-29 16:22:15 +0900
committer: usa <usa@garbagecollect.jp> 2023-03-30 19:48:27 +0900
commit: 2cb830602f52e7e76c6781115e7938b21f881c4f (patch)
tree: b261bc51d1d084e507ffb3206ff21884173c94b0
parent: 332135b9a9138aee05d0fdbdc6ae8bb9788b222d (diff)
download: ruby-2cb830602f52e7e76c6781115e7938b21f881c4f.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/time.rb b/lib/time.rb
index f27bacde65..236bfe1aa2 100644
--- a/lib/time.rb
+++ b/lib/time.rb
@@ -501,8 +501,8 @@ class Time
           (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
           (\d{2,})\s+
           (\d{2})\s*
-          :\s*(\d{2})\s*
-          (?::\s*(\d{2}))?\s+
+          :\s*(\d{2})
+          (?:\s*:\s*(\d{2}))?\s+
           ([+-]\d{4}|
            UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
         # Since RFC 2822 permit comments, the regexp has no right anchor.
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2022-11-29 16:22:15 +0900
committer	usa <usa@garbagecollect.jp>	2023-03-30 19:48:27 +0900
commit	2cb830602f52e7e76c6781115e7938b21f881c4f (patch)
tree	b261bc51d1d084e507ffb3206ff21884173c94b0
parent	332135b9a9138aee05d0fdbdc6ae8bb9788b222d (diff)
download	ruby-2cb830602f52e7e76c6781115e7938b21f881c4f.tar.gz