summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2020-03-20 08:12:05 (GMT)
committernagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2020-03-20 08:12:05 (GMT)
commit36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (patch)
treec63e90c24554fdfcaa2cb392a390691804628a3a
parentb16ddc13f08b1d777763ec933bc791e74ee867f5 (diff)
backport 80b5a0ff2a7709367178f29d4ebe1c54122b1c27 partially as a securify fix for CVE-2020-10663.
The patch was provided by Jeremy Evans. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ext/json/parser/parser.c2
-rw-r--r--ext/json/parser/parser.rl2
-rw-r--r--version.h2
3 files changed, 3 insertions, 3 deletions
diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c
index b02aae8..027fbcc 100644
--- a/ext/json/parser/parser.c
+++ b/ext/json/parser/parser.c
@@ -1835,7 +1835,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl
index d4e7a60..fb0bb51 100644
--- a/ext/json/parser/parser.rl
+++ b/ext/json/parser/parser.rl
@@ -730,7 +730,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
diff --git a/version.h b/version.h
index 6418e30..97b395a 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
#define RUBY_VERSION "2.6.6"
#define RUBY_RELEASE_DATE "2020-03-20"
-#define RUBY_PATCHLEVEL 141
+#define RUBY_PATCHLEVEL 142
#define RUBY_RELEASE_YEAR 2020
#define RUBY_RELEASE_MONTH 3