diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2020-03-20 08:12:05 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2020-03-20 08:12:05 +0000 |
commit | 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (patch) | |
tree | c63e90c24554fdfcaa2cb392a390691804628a3a | |
parent | b16ddc13f08b1d777763ec933bc791e74ee867f5 (diff) |
backport 80b5a0ff2a7709367178f29d4ebe1c54122b1c27 partially as a securify fix for CVE-2020-10663.
The patch was provided by Jeremy Evans.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ext/json/parser/parser.c | 2 | ||||
-rw-r--r-- | ext/json/parser/parser.rl | 2 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c index b02aae8fb9..027fbcc26f 100644 --- a/ext/json/parser/parser.c +++ b/ext/json/parser/parser.c @@ -1835,7 +1835,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl index d4e7a60e9d..fb0bb515de 100644 --- a/ext/json/parser/parser.rl +++ b/ext/json/parser/parser.rl @@ -730,7 +730,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.6.6" #define RUBY_RELEASE_DATE "2020-03-20" -#define RUBY_PATCHLEVEL 141 +#define RUBY_PATCHLEVEL 142 #define RUBY_RELEASE_YEAR 2020 #define RUBY_RELEASE_MONTH 3 |