diff options
author | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900 |
commit | 3fb7d2cadc18472ec107b14234933b017a33c14d (patch) | |
tree | ac6356f874ec593962c139d4082e7944d21cc5d4 | |
parent | 02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff) |
Fix integer overflowv3_0_3
Make use of the check in rb_alloc_tmp_buffer2.
https://hackerone.com/reports/1328463
When parsing cookies, only decode the values
Bump version
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
-rw-r--r-- | ext/cgi/escape/escape.c | 3 | ||||
-rw-r--r-- | lib/cgi.rb | 2 | ||||
-rw-r--r-- | lib/cgi/cookie.rb | 1 | ||||
-rw-r--r-- | test/cgi/test_cgi_cookie.rb | 5 | ||||
-rw-r--r-- | version.h | 2 |
5 files changed, 9 insertions, 4 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c index 77627e2f03..d001eacd90 100644 --- a/ext/cgi/escape/escape.c +++ b/ext/cgi/escape/escape.c @@ -36,7 +36,8 @@ static VALUE optimized_escape_html(VALUE str) { VALUE vbuf; - char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN); + typedef char escape_buf[HTML_ESCAPE_MAX_LEN]; + char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str)); const char *cstr = RSTRING_PTR(str); const char *end = cstr + RSTRING_LEN(str); diff --git a/lib/cgi.rb b/lib/cgi.rb index 3b53d27a2e..70b9d8c97b 100644 --- a/lib/cgi.rb +++ b/lib/cgi.rb @@ -288,7 +288,7 @@ # class CGI - VERSION = "0.2.0" + VERSION = "0.2.1" end require 'cgi/core' diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb index ae9ab58ede..6b0d89ca3b 100644 --- a/lib/cgi/cookie.rb +++ b/lib/cgi/cookie.rb @@ -159,7 +159,6 @@ class CGI raw_cookie.split(/;\s?/).each do |pairs| name, values = pairs.split('=',2) next unless name and values - name = CGI.unescape(name) values ||= "" values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) } if cookies.has_key?(name) diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb index 115a57e4a1..985cc0d7a1 100644 --- a/test/cgi/test_cgi_cookie.rb +++ b/test/cgi/test_cgi_cookie.rb @@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase end end + def test_cgi_cookie_parse_not_decode_name + cookie_str = "%66oo=baz;foo=bar" + cookies = CGI::Cookie.parse(cookie_str) + assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies) + end def test_cgi_cookie_arrayinterface cookie = CGI::Cookie.new('name1', 'a', 'b', 'c') @@ -12,7 +12,7 @@ # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 3 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 156 +#define RUBY_PATCHLEVEL 157 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 11 |