[ruby/net-ftp] Reduce resource cosumption of Net::FTP::TIME_PARSER

Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.

https://github.com/ruby/net-ftp/commit/a93af636f8

lib/net/ftp.rb

@@ -1054,10 +1054,11 @@ module Net
     TIME_PARSER = ->(value, local = false) {
       unless /\A(?<year>\d{4})(?<month>\d{2})(?<day>\d{2})
             (?<hour>\d{2})(?<min>\d{2})(?<sec>\d{2})
-            (?:\.(?<fractions>\d+))?/x =~ value
+            (?:\.(?<fractions>\d{1,17}))?/x =~ value
+        value = value[0, 97] + "..." if value.size > 100
         raise FTPProtoError, "invalid time-val: #{value}"
       end
-      usec = fractions.to_i * 10 ** (6 - fractions.to_s.size)
+      usec = ".#{fractions}".to_r * 1_000_000 if fractions
       Time.public_send(local ? :local : :utc, year, month, day, hour, min, sec, usec)
     }
     FACT_PARSERS = Hash.new(CASE_DEPENDENT_PARSER)

test/net/ftp/test_ftp.rb

@@ -2509,6 +2509,17 @@ EOF
     end
   end
 
+  def test_time_parser
+    s = "20371231000000." + "9" * 999999999
+    assert_equal(Time.utc(2037, 12, 31, 0, 0, 0,
+                          99999999999999999r / 100000000000),
+                 Net::FTP::TIME_PARSER[s])
+    e = assert_raise(Net::FTPProtoError) {
+      Net::FTP::TIME_PARSER["x" * 999999999]
+    }
+    assert_equal("invalid time-val: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...", e.message)
+  end
+
   private
 
   def create_ftp_server(sleep_time = nil)