authornagachika <nagachika@ruby-lang.org>2021-11-24 20:12:15 +0900
committernagachika <nagachika@ruby-lang.org>2021-11-24 20:12:15 +0900
commit3fb7d2cadc18472ec107b14234933b017a33c14d (patch)
treeac6356f874ec593962c139d4082e7944d21cc5d4
parent02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff)
Fix integer overflowv3_0_3
Make use of the check in rb_alloc_tmp_buffer2. https://hackerone.com/reports/1328463 When parsing cookies, only decode the values Bump version Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
-rw-r--r--ext/cgi/escape/escape.c3
-rw-r--r--lib/cgi.rb2
-rw-r--r--lib/cgi/cookie.rb1
-rw-r--r--test/cgi/test_cgi_cookie.rb5
-rw-r--r--version.h2
5 files changed, 9 insertions, 4 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 77627e2f03c..d001eacd907 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
optimized_escape_html(VALUE str)
{
VALUE vbuf;
- char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+ typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+ char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
const char *cstr = RSTRING_PTR(str);
const char *end = cstr + RSTRING_LEN(str);
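Review bot: The new `typedef char escape_buf[HTML_ESCAPE_MAX_LEN];` line carries no comment, so the allocation reads like a roundabout spelling of the old multiplication and could be "simplified" back to the overflowing form. Going by the commit message, the point is that the element count passed to `ALLOCV_N` is now just `RSTRING_LEN(str)` and the per-element size is carried by the type, so the overflow check in `rb_alloc_tmp_buffer2` covers the whole product. I would add a comment above the typedef such as `/* element type is HTML_ESCAPE_MAX_LEN bytes wide so that ALLOCV_N's size check covers len * HTML_ESCAPE_MAX_LEN; do not multiply by hand */`. The body of `optimized_escape_html` continues outside the hunk, so the writes into `buf` are not reviewed here.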
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 3b53d27a2e2..70b9d8c97bd 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -288,7 +288,7 @@
#
class CGI
- VERSION = "0.2.0"
+ VERSION = "0.2.1"
end
require 'cgi/core'
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58edef..6b0d89ca3ba 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI
raw_cookie.split(/;\s?/).each do |pairs|
name, values = pairs.split('=',2)
next unless name and values
- name = CGI.unescape(name)
values ||= ""
values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
if cookies.has_key?(name)
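Review bot: Nothing in the loop now says why the cookie name is left undecoded, and the next reader may re-add the `CGI.unescape(name)` call as an apparent omission. A comment above the `name, values = pairs.split('=',2)` line would pin the intent, for example `# The name is used as received: decoding it would let "%66oo" collide with "foo"; only the values are unescaped.` Separately, `values ||= ""` on the line after the guard looks unreachable, because `next unless name and values` has already skipped any pair whose value is nil; it could be dropped or the guard relaxed, depending on which behaviour is intended. The enclosing parse method starts and ends outside the hunk.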
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 115a57e4a10..985cc0d7a1a 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase
end
end
+ def test_cgi_cookie_parse_not_decode_name
+ cookie_str = "%66oo=baz;foo=bar"
+ cookies = CGI::Cookie.parse(cookie_str)
+ assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+ end
def test_cgi_cookie_arrayinterface
cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
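Review bot: `test_cgi_cookie_parse_not_decode_name` pins only the name half of the change, since both values in `cookie_str` are plain text and would pass whether or not values are still decoded. Using an encoded value in the same test, e.g. `cookie_str = "%66oo=b%61z;foo=bar"` with the expected hash unchanged, would assert in one place that names are kept raw while values are still unescaped. A one-line comment in the test, such as `# names must stay raw so an encoded name cannot shadow another cookie`, would also record why the two keys are expected to remain distinct.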
diff --git a/version.h b/version.h
index 7ecaee02a66..391460e6d15 100644
--- a/version.h
+++ b/version.h
@@ -12,7 +12,7 @@
# define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
#define RUBY_VERSION_TEENY 3
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 156
+#define RUBY_PATCHLEVEL 157
#define RUBY_RELEASE_YEAR 2021
#define RUBY_RELEASE_MONTH 11