Profile

sam.saffron (Sam Saffron)

Issues

| | Open | Closed | Total |
|---|---|---|---|
| Assigned issues | 0 | 0 | 0 |
| Reported issues | 13 | 33 | 46 |

Activity

05/19/2021

12:21 AM Ruby master Bug #17781: Resolv::DNS RequestID table allocations are never freed, causing DNS lookups to eventually hang
update... https://github.com/ruby/resolv/pull/9/files got merged.
sam.saffron (Sam Saffron)

05/17/2021

04:15 AM Ruby master Misc #17811: DevelopersMeeting20210521Japan
* [Bug #17781] Resolv::DNS RequestID table allocations are never freed, causing DNS lookups to eventually hang
* ...
sam.saffron (Sam Saffron)

05/11/2021

10:23 PM Ruby master Feature #17837: Add support for Regexp timeouts
An alternative may be something like:
`Thread.safe_raise` which allows for raising in places we consider "safe" l...
sam.saffron (Sam Saffron)
10:22 PM Ruby master Feature #17837: Add support for Regexp timeouts
@nobu I follow but unfortunately there are many ways in which `thread.raise` can corrupt internal state.
See: htt...
sam.saffron (Sam Saffron)
07:33 AM Ruby master Feature #17837: Add support for Regexp timeouts
I tested with:
```
diff --git a/thread.c b/thread.c
index 47e43ecb63..811b6e88a8 100644
--- a/thread.c
+++ b/...
```
sam.saffron (Sam Saffron)

05/07/2021

08:14 AM Ruby master Feature #17837: Add support for Regexp timeouts
@mame not sure if the compiler takes care of this but maybe we can avoid calls to GET_THREAD if the static reg_match_...
sam.saffron (Sam Saffron)

05/03/2021

07:57 AM Ruby master Feature #17837: Add support for Regexp timeouts
> Shouldn't an app have a global timeout per request anyway
Sort of, it gets complicated. Unicorn is easy cause it...
sam.saffron (Sam Saffron)

04/28/2021

07:25 AM Ruby master Feature #17837: Add support for Regexp timeouts
I wonder if even a lightweight SIGVTALRM may be too much of a performance hit? On the upside though not needing to th...
sam.saffron (Sam Saffron)

04/27/2021

11:39 PM Ruby master Feature #17837 (Open): Add support for Regexp timeouts
### Background
ReDoS are a very common security issue. At Discourse we have seen a few through the years. https://...
sam.saffron (Sam Saffron)

04/21/2021

07:30 AM Ruby master Feature #17795: Around `Process.fork` callbacks API
There is some precedent @jeremyevans0 for library authors offering all the poisons to the users.
For example:
htt...
sam.saffron (Sam Saffron)