-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Poor time complexity of Cron.parse #104
Comments
Many thanks! |
jmettraux
added a commit
that referenced
this issue
Aug 14, 2024
jmettraux
added a commit
that referenced
this issue
Aug 14, 2024
jmettraux
added a commit
that referenced
this issue
Aug 15, 2024
jmettraux
added a commit
that referenced
this issue
Aug 15, 2024
jmettraux
added a commit
that referenced
this issue
Aug 15, 2024
Closing this issue now. I will release 1.11.1 now. If there is anything I missed, please tell me. Thanks again! |
jmettraux
added a commit
to jmettraux/sidekiq-cron
that referenced
this issue
Aug 15, 2024
floraison/fugit#104 Prevent Fugit::Nat.parse choking on large input, limit at 256 chars
jmettraux
added a commit
to jmettraux/good_job
that referenced
this issue
Aug 16, 2024
floraison/fugit#104 Prevent Fugit::Nat.parse choking on large input, peg at 256 chars ```ruby spec.add_dependency "fugit", "~> 1.11", ">= 1.11.1" ``` Which requires fugit from 1.11.0 to 2.x not included and at least 1.11.1
jmettraux
added a commit
to jmettraux/solid_queue
that referenced
this issue
Aug 16, 2024
floraison/fugit#104 Prevent Fugit::Nat.parse choking on large input, peg at 256 chars ```ruby spec.add_dependency "fugit", "~> 1.11", ">= 1.11.1" ``` Which requires fugit from 1.11.0 to 2.x not included and at least 1.11.1
jmettraux
added a commit
to jmettraux/jets
that referenced
this issue
Aug 16, 2024
floraison/fugit#104 Prevent Fugit::Nat.parse choking on large input, peg at 256 chars ```ruby spec.add_dependency "fugit", "~> 1.11", ">= 1.11.1" ``` Which requires fugit from 1.11.0 to 2.x not included and at least 1.11.1
markets
pushed a commit
to sidekiq-cron/sidekiq-cron
that referenced
this issue
Aug 16, 2024
floraison/fugit#104 Prevent Fugit::Nat.parse choking on large input, limit at 256 chars
hlascelles
added a commit
to hlascelles/que-scheduler
that referenced
this issue
Aug 21, 2024
This prevents the fugit bug: floraison/fugit#104
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue description
Hi!
I fuzzed this library with afl and found that the program hangs with a crafted input. I originally reported this privately, but it was later decided to create a public issue. I am going to paste my email text here:
How to reproduce
The simplest piece of code that reproduces the issue, for example:
Error and error backtrace (if any)
Program hangs (no backtrace).
Expected behaviour
The program should execute within a reasonable timeframe.
Context
Additional context
I don't really know how to implement a reasonable security policy (https://github.com/floraison/fugit/security) , because of lack of experience, but I think maybe something similar to what golang has would be good???? (https://go.dev/doc/security/policy)
The text was updated successfully, but these errors were encountered: