4d237f
From d5753ec513fa5a4bdcf59fa298642fd0d3a3c364 Mon Sep 17 00:00:00 2001
4d237f
From: Yusuke Endoh <mame@ruby-lang.org>
4d237f
Date: Fri, 12 Nov 2021 12:11:13 +0900
4d237f
Subject: [PATCH 1/2] Add length limit option for methods that parses date
4d237f
 strings
4d237f
4d237f
This patch fixes CVE-2021-41817 and created from the commit
4d237f
<https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3>.
4d237f
We didn't merge the files included in the original commit below, as those are
4d237f
for rebasing date gem version.
4d237f
4d237f
* ext/date/date.gemspec
4d237f
* ext/date/lib/date.rb
4d237f
4d237f
== Original commit message ==
4d237f
4d237f
`Date.parse` now raises an ArgumentError when a given date string is
4d237f
longer than 128. You can configure the limit by giving `limit` keyword
4d237f
arguments like `Date.parse(str, limit: 1000)`. If you pass `limit: nil`,
4d237f
the limit is disabled.
4d237f
4d237f
Not only `Date.parse` but also the following methods are changed.
4d237f
4d237f
* Date._parse
4d237f
* Date.parse
4d237f
* DateTime.parse
4d237f
* Date._iso8601
4d237f
* Date.iso8601
4d237f
* DateTime.iso8601
4d237f
* Date._rfc3339
4d237f
* Date.rfc3339
4d237f
* DateTime.rfc3339
4d237f
* Date._xmlschema
4d237f
* Date.xmlschema
4d237f
* DateTime.xmlschema
4d237f
* Date._rfc2822
4d237f
* Date.rfc2822
4d237f
* DateTime.rfc2822
4d237f
* Date._rfc822
4d237f
* Date.rfc822
4d237f
* DateTime.rfc822
4d237f
* Date._jisx0301
4d237f
* Date.jisx0301
4d237f
* DateTime.jisx0301
4d237f
---
4d237f
 ext/date/date_core.c         | 384 +++++++++++++++++++++++++++--------
4d237f
 test/date/test_date_parse.rb |  29 +++
4d237f
 2 files changed, 325 insertions(+), 88 deletions(-)
4d237f
4d237f
diff --git a/ext/date/date_core.c b/ext/date/date_core.c
4d237f
index c250633426..177ea0f6c5 100644
4d237f
--- a/ext/date/date_core.c
4d237f
+++ b/ext/date/date_core.c
4d237f
@@ -4290,12 +4290,37 @@ date_s_strptime(int argc, VALUE *argv, VALUE klass)
4d237f
 
4d237f
 VALUE date__parse(VALUE str, VALUE comp);
4d237f
 
4d237f
+static size_t
4d237f
+get_limit(VALUE opt)
4d237f
+{
4d237f
+    if (!NIL_P(opt)) {
4d237f
+        VALUE limit = rb_hash_aref(opt, ID2SYM(rb_intern("limit")));
4d237f
+        if (NIL_P(limit)) return SIZE_MAX;
4d237f
+        return NUM2SIZET(limit);
4d237f
+    }
4d237f
+    return 128;
4d237f
+}
4d237f
+
4d237f
+static void
4d237f
+check_limit(VALUE str, VALUE opt)
4d237f
+{
4d237f
+    StringValue(str);
4d237f
+    size_t slen = RSTRING_LEN(str);
4d237f
+    size_t limit = get_limit(opt);
4d237f
+    if (slen > limit) {
4d237f
+	rb_raise(rb_eArgError,
4d237f
+		 "string length (%"PRI_SIZE_PREFIX"u) exceeds the limit %"PRI_SIZE_PREFIX"u", slen, limit);
4d237f
+    }
4d237f
+}
4d237f
+
4d237f
 static VALUE
4d237f
 date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE vstr, vcomp, hash;
4d237f
+    VALUE vstr, vcomp, hash, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "11", &vstr, &vcomp);
4d237f
+    rb_scan_args(argc, argv, "11:", &vstr, &vcomp, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
+    check_limit(vstr, opt);
4d237f
     StringValue(vstr);
4d237f
     if (!rb_enc_str_asciicompat_p(vstr))
4d237f
 	rb_raise(rb_eArgError,
4d237f
@@ -4320,7 +4345,7 @@ date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._parse(string[, comp=true])  ->  hash
4d237f
+ *    Date._parse(string[, comp=true], limit: 128)  ->  hash
4d237f
  *
4d237f
  * Parses the given representation of date and time, and returns a
4d237f
  * hash of parsed elements.  This method does not function as a
4d237f
@@ -4331,6 +4356,10 @@ date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
4d237f
  * it full.
4d237f
  *
4d237f
  *    Date._parse('2001-02-03')	#=> {:year=>2001, :mon=>2, :mday=>3}
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s__parse(int argc, VALUE *argv, VALUE klass)
4d237f
@@ -4340,7 +4369,7 @@ date_s__parse(int argc, VALUE *argv, VALUE klass)
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.parse(string='-4712-01-01'[, comp=true[, start=Date::ITALY]])  ->  date
4d237f
+ *    Date.parse(string='-4712-01-01'[, comp=true[, start=Date::ITALY]], limit: 128)  ->  date
4d237f
  *
4d237f
  * Parses the given representation of date and time, and creates a
4d237f
  * date object.  This method does not function as a validator.
4d237f
@@ -4352,13 +4381,18 @@ date_s__parse(int argc, VALUE *argv, VALUE klass)
4d237f
  *    Date.parse('2001-02-03')		#=> #<Date: 2001-02-03 ...>
4d237f
  *    Date.parse('20010203')		#=> #<Date: 2001-02-03 ...>
4d237f
  *    Date.parse('3rd Feb 2001')	#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_parse(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, comp, sg;
4d237f
+    VALUE str, comp, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "03", &str, &comp, &sg;;
4d237f
+    rb_scan_args(argc, argv, "03:", &str, &comp, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4370,11 +4404,12 @@ date_s_parse(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE argv2[2], hash;
4d237f
-
4d237f
-	argv2[0] = str;
4d237f
-	argv2[1] = comp;
4d237f
-	hash = date_s__parse(2, argv2, klass);
4d237f
+        int argc2 = 2;
4d237f
+	VALUE argv2[3];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = comp;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__parse(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
@@ -4388,19 +4423,28 @@ VALUE date__jisx0301(VALUE);
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._iso8601(string)  ->  hash
4d237f
+ *    Date._iso8601(string, limit: 128)  ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__iso8601(VALUE klass, VALUE str)
4d237f
+date_s__iso8601(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__iso8601(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.iso8601(string='-4712-01-01'[, start=Date::ITALY])  ->  date
4d237f
+ *    Date.iso8601(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some typical ISO 8601 formats.
4d237f
@@ -4408,13 +4452,18 @@ date_s__iso8601(VALUE klass, VALUE str)
4d237f
  *    Date.iso8601('2001-02-03')	#=> #<Date: 2001-02-03 ...>
4d237f
  *    Date.iso8601('20010203')		#=> #<Date: 2001-02-03 ...>
4d237f
  *    Date.iso8601('2001-W05-6')	#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_iso8601(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4424,38 +4473,56 @@ date_s_iso8601(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__iso8601(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__iso8601(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._rfc3339(string)  ->  hash
4d237f
+ *    Date._rfc3339(string, limit: 128)  ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__rfc3339(VALUE klass, VALUE str)
4d237f
+date_s__rfc3339(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__rfc3339(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  date
4d237f
+ *    Date.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some typical RFC 3339 formats.
4d237f
  *
4d237f
  *    Date.rfc3339('2001-02-03T04:05:06+07:00')	#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_rfc3339(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4465,38 +4532,56 @@ date_s_rfc3339(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__rfc3339(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__rfc3339(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._xmlschema(string)  ->  hash
4d237f
+ *    Date._xmlschema(string, limit: 128)  ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__xmlschema(VALUE klass, VALUE str)
4d237f
+date_s__xmlschema(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__xmlschema(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.xmlschema(string='-4712-01-01'[, start=Date::ITALY])  ->  date
4d237f
+ *    Date.xmlschema(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some typical XML Schema formats.
4d237f
  *
4d237f
  *    Date.xmlschema('2001-02-03')	#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_xmlschema(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4506,41 +4591,58 @@ date_s_xmlschema(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__xmlschema(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__xmlschema(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._rfc2822(string)  ->  hash
4d237f
- *    Date._rfc822(string)   ->  hash
4d237f
+ *    Date._rfc2822(string, limit: 128)  ->  hash
4d237f
+ *    Date._rfc822(string, limit: 128)   ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__rfc2822(VALUE klass, VALUE str)
4d237f
+date_s__rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__rfc2822(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])  ->  date
4d237f
- *    Date.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])   ->  date
4d237f
+ *    Date.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
+ *    Date.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)   ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some typical RFC 2822 formats.
4d237f
  *
4d237f
  *    Date.rfc2822('Sat, 3 Feb 2001 00:00:00 +0000')
4d237f
  *						#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4550,39 +4652,56 @@ date_s_rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__rfc2822(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__rfc2822(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._httpdate(string)  ->  hash
4d237f
+ *    Date._httpdate(string, limit: 128)  ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__httpdate(VALUE klass, VALUE str)
4d237f
+date_s__httpdate(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__httpdate(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.httpdate(string='Mon, 01 Jan -4712 00:00:00 GMT'[, start=Date::ITALY])  ->  date
4d237f
+ *    Date.httpdate(string='Mon, 01 Jan -4712 00:00:00 GMT'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some RFC 2616 format.
4d237f
  *
4d237f
  *    Date.httpdate('Sat, 03 Feb 2001 00:00:00 GMT')
4d237f
  *						#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_httpdate(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4592,38 +4711,56 @@ date_s_httpdate(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__httpdate(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__httpdate(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date._jisx0301(string)  ->  hash
4d237f
+ *    Date._jisx0301(string, limit: 128)  ->  hash
4d237f
  *
4d237f
  * Returns a hash of parsed elements.
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
-date_s__jisx0301(VALUE klass, VALUE str)
4d237f
+date_s__jisx0301(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
+    VALUE str, opt;
4d237f
+
4d237f
+    rb_scan_args(argc, argv, "1:", &str, &opt;;
4d237f
+    check_limit(str, opt);
4d237f
+
4d237f
     return date__jisx0301(str);
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    Date.jisx0301(string='-4712-01-01'[, start=Date::ITALY])  ->  date
4d237f
+ *    Date.jisx0301(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
4d237f
  *
4d237f
  * Creates a new Date object by parsing from a string according to
4d237f
  * some typical JIS X 0301 formats.
4d237f
  *
4d237f
  *    Date.jisx0301('H13.02.03')		#=> #<Date: 2001-02-03 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 date_s_jisx0301(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -4633,7 +4770,11 @@ date_s_jisx0301(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__jisx0301(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        if (!NIL_P(opt)) argv2[argc2++] = opt;
4d237f
+	VALUE hash = date_s__jisx0301(argc2, argv2, klass);
4d237f
 	return d_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
@@ -7925,7 +8066,7 @@ datetime_s_strptime(int argc, VALUE *argv, VALUE klass)
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.parse(string='-4712-01-01T00:00:00+00:00'[, comp=true[, start=Date::ITALY]])  ->  datetime
4d237f
+ *    DateTime.parse(string='-4712-01-01T00:00:00+00:00'[, comp=true[, start=Date::ITALY]], limit: 128)  ->  datetime
4d237f
  *
4d237f
  * Parses the given representation of date and time, and creates a
4d237f
  * DateTime object.  This method does not function as a validator.
4d237f
@@ -7939,13 +8080,18 @@ datetime_s_strptime(int argc, VALUE *argv, VALUE klass)
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
  *    DateTime.parse('3rd Feb 2001 04:05:06 PM')
4d237f
  *				#=> #<DateTime: 2001-02-03T16:05:06+00:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_parse(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, comp, sg;
4d237f
+    VALUE str, comp, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "03", &str, &comp, &sg;;
4d237f
+    rb_scan_args(argc, argv, "03:", &str, &comp, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -7957,18 +8103,20 @@ datetime_s_parse(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE argv2[2], hash;
4d237f
-
4d237f
-	argv2[0] = str;
4d237f
-	argv2[1] = comp;
4d237f
-	hash = date_s__parse(2, argv2, klass);
4d237f
+        int argc2 = 2;
4d237f
+        VALUE argv2[3];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = comp;
4d237f
+        argv2[2] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__parse(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.iso8601(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
4d237f
+ *    DateTime.iso8601(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
4d237f
  *
4d237f
  * Creates a new DateTime object by parsing from a string according to
4d237f
  * some typical ISO 8601 formats.
4d237f
@@ -7979,13 +8127,18 @@ datetime_s_parse(int argc, VALUE *argv, VALUE klass)
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
  *    DateTime.iso8601('2001-W05-6T04:05:06+07:00')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_iso8601(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -7995,27 +8148,37 @@ datetime_s_iso8601(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__iso8601(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2--;
4d237f
+	VALUE hash = date_s__iso8601(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
4d237f
+ *    DateTime.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
4d237f
  *
4d237f
  * Creates a new DateTime object by parsing from a string according to
4d237f
  * some typical RFC 3339 formats.
4d237f
  *
4d237f
  *    DateTime.rfc3339('2001-02-03T04:05:06+07:00')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_rfc3339(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -8025,27 +8188,37 @@ datetime_s_rfc3339(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__rfc3339(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__rfc3339(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.xmlschema(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
4d237f
+ *    DateTime.xmlschema(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
4d237f
  *
4d237f
  * Creates a new DateTime object by parsing from a string according to
4d237f
  * some typical XML Schema formats.
4d237f
  *
4d237f
  *    DateTime.xmlschema('2001-02-03T04:05:06+07:00')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_xmlschema(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -8055,28 +8228,38 @@ datetime_s_xmlschema(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__xmlschema(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__xmlschema(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])  ->  datetime
4d237f
- *    DateTime.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])   ->  datetime
4d237f
+ *    DateTime.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)  ->  datetime
4d237f
+ *    DateTime.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)   ->  datetime
4d237f
  *
4d237f
  * Creates a new DateTime object by parsing from a string according to
4d237f
  * some typical RFC 2822 formats.
4d237f
  *
4d237f
  *     DateTime.rfc2822('Sat, 3 Feb 2001 04:05:06 +0700')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -8086,7 +8269,12 @@ datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__rfc2822(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__rfc2822(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
@@ -8100,13 +8288,18 @@ datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
4d237f
  *
4d237f
  *    DateTime.httpdate('Sat, 03 Feb 2001 04:05:06 GMT')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+00:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_httpdate(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -8116,27 +8309,37 @@ datetime_s_httpdate(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__httpdate(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__httpdate(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
 
4d237f
 /*
4d237f
  * call-seq:
4d237f
- *    DateTime.jisx0301(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
4d237f
+ *    DateTime.jisx0301(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
4d237f
  *
4d237f
  * Creates a new DateTime object by parsing from a string according to
4d237f
  * some typical JIS X 0301 formats.
4d237f
  *
4d237f
  *    DateTime.jisx0301('H13.02.03T04:05:06+07:00')
4d237f
  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
4d237f
+ *
4d237f
+ * Raise an ArgumentError when the string length is longer than _limit_.
4d237f
+ * You can stop this check by passing `limit: nil`, but note that
4d237f
+ * it may take a long time to parse.
4d237f
  */
4d237f
 static VALUE
4d237f
 datetime_s_jisx0301(int argc, VALUE *argv, VALUE klass)
4d237f
 {
4d237f
-    VALUE str, sg;
4d237f
+    VALUE str, sg, opt;
4d237f
 
4d237f
-    rb_scan_args(argc, argv, "02", &str, &sg;;
4d237f
+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt;;
4d237f
+    if (!NIL_P(opt)) argc--;
4d237f
 
4d237f
     switch (argc) {
4d237f
       case 0:
4d237f
@@ -8146,7 +8349,12 @@ datetime_s_jisx0301(int argc, VALUE *argv, VALUE klass)
4d237f
     }
4d237f
 
4d237f
     {
4d237f
-	VALUE hash = date_s__jisx0301(klass, str);
4d237f
+        int argc2 = 1;
4d237f
+        VALUE argv2[2];
4d237f
+        argv2[0] = str;
4d237f
+        argv2[1] = opt;
4d237f
+        if (!NIL_P(opt)) argc2++;
4d237f
+	VALUE hash = date_s__jisx0301(argc2, argv2, klass);
4d237f
 	return dt_new_by_frags(klass, hash, sg);
4d237f
     }
4d237f
 }
4d237f
@@ -9297,19 +9505,19 @@ Init_date_core(void)
4d237f
     rb_define_singleton_method(cDate, "strptime", date_s_strptime, -1);
4d237f
     rb_define_singleton_method(cDate, "_parse", date_s__parse, -1);
4d237f
     rb_define_singleton_method(cDate, "parse", date_s_parse, -1);
4d237f
-    rb_define_singleton_method(cDate, "_iso8601", date_s__iso8601, 1);
4d237f
+    rb_define_singleton_method(cDate, "_iso8601", date_s__iso8601, -1);
4d237f
     rb_define_singleton_method(cDate, "iso8601", date_s_iso8601, -1);
4d237f
-    rb_define_singleton_method(cDate, "_rfc3339", date_s__rfc3339, 1);
4d237f
+    rb_define_singleton_method(cDate, "_rfc3339", date_s__rfc3339, -1);
4d237f
     rb_define_singleton_method(cDate, "rfc3339", date_s_rfc3339, -1);
4d237f
-    rb_define_singleton_method(cDate, "_xmlschema", date_s__xmlschema, 1);
4d237f
+    rb_define_singleton_method(cDate, "_xmlschema", date_s__xmlschema, -1);
4d237f
     rb_define_singleton_method(cDate, "xmlschema", date_s_xmlschema, -1);
4d237f
-    rb_define_singleton_method(cDate, "_rfc2822", date_s__rfc2822, 1);
4d237f
-    rb_define_singleton_method(cDate, "_rfc822", date_s__rfc2822, 1);
4d237f
+    rb_define_singleton_method(cDate, "_rfc2822", date_s__rfc2822, -1);
4d237f
+    rb_define_singleton_method(cDate, "_rfc822", date_s__rfc2822, -1);
4d237f
     rb_define_singleton_method(cDate, "rfc2822", date_s_rfc2822, -1);
4d237f
     rb_define_singleton_method(cDate, "rfc822", date_s_rfc2822, -1);
4d237f
-    rb_define_singleton_method(cDate, "_httpdate", date_s__httpdate, 1);
4d237f
+    rb_define_singleton_method(cDate, "_httpdate", date_s__httpdate, -1);
4d237f
     rb_define_singleton_method(cDate, "httpdate", date_s_httpdate, -1);
4d237f
-    rb_define_singleton_method(cDate, "_jisx0301", date_s__jisx0301, 1);
4d237f
+    rb_define_singleton_method(cDate, "_jisx0301", date_s__jisx0301, -1);
4d237f
     rb_define_singleton_method(cDate, "jisx0301", date_s_jisx0301, -1);
4d237f
 
4d237f
 #ifndef NDEBUG
4d237f
diff --git a/test/date/test_date_parse.rb b/test/date/test_date_parse.rb
4d237f
index ac0eb85ca7..f9b160ee8c 100644
4d237f
--- a/test/date/test_date_parse.rb
4d237f
+++ b/test/date/test_date_parse.rb
4d237f
@@ -1,6 +1,7 @@
4d237f
 # frozen_string_literal: true
4d237f
 require 'test/unit'
4d237f
 require 'date'
4d237f
+require 'timeout'
4d237f
 
4d237f
 class TestDateParse < Test::Unit::TestCase
4d237f
 
4d237f
@@ -1122,4 +1123,32 @@ def test_given_string
4d237f
     assert_equal(s0, s)
4d237f
   end
4d237f
 
4d237f
+  def test_length_limit
4d237f
+    assert_raise(ArgumentError) { Date._parse("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._iso8601("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._rfc3339("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._xmlschema("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._rfc2822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._rfc822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date._jisx0301("1" * 1000) }
4d237f
+
4d237f
+    assert_raise(ArgumentError) { Date.parse("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.iso8601("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.rfc3339("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.xmlschema("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.rfc2822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.rfc822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { Date.jisx0301("1" * 1000) }
4d237f
+
4d237f
+    assert_raise(ArgumentError) { DateTime.parse("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.iso8601("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.rfc3339("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.xmlschema("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.rfc2822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.rfc822("1" * 1000) }
4d237f
+    assert_raise(ArgumentError) { DateTime.jisx0301("1" * 1000) }
4d237f
+
4d237f
+    assert_raise(ArgumentError) { Date._parse("Jan " + "9" * 1000000) }
4d237f
+    assert_raise(Timeout::Error) { Timeout.timeout(1) { Date._parse("Jan " + "9" * 1000000, limit: nil) } }
4d237f
+  end
4d237f
 end
4d237f
-- 
4d237f
2.36.1
4d237f