don't recurse infinitely in Data::Dumper
authorTony Cook <tony@develop-help.com>
Mon, 30 Jun 2014 02:16:03 +0000 (12:16 +1000)
committerRicardo Signes <rjbs@cpan.org>
Thu, 18 Sep 2014 13:06:21 +0000 (09:06 -0400)
commit19be3be6968e2337bcdfe480693fff795ecd1304
tree5444ad1ebc94a6fbab433ab20bc8ec22d07c3696
parent9c19a6c70398689cd5f09e87fe7dc48197a69524
don't recurse infinitely in Data::Dumper

Add a configuration variable/option to limit recursion when dumping
deep data structures.

Defaults the limit to 1000, which can be reduced or increase, or
eliminated by setting it to 0.

This patch addresses CVE-2014-4330.  This bug was found and
reported by: LSE Leading Security Experts GmbH employee Markus
Vervier.
MANIFEST
dist/Data-Dumper/Dumper.pm
dist/Data-Dumper/Dumper.xs
dist/Data-Dumper/t/recurse.t [new file with mode: 0644]