Fix integer overflowv3_0_3

Make use of the check in rb_alloc_tmp_buffer2. https://hackerone.com/reports/1328463 When parsing cookies, only decode the values Bump version Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
author: nagachika <nagachika@ruby-lang.org> 2021-11-24 20:12:15 +0900
committer: nagachika <nagachika@ruby-lang.org> 2021-11-24 20:12:15 +0900
commit: 3fb7d2cadc18472ec107b14234933b017a33c14d (patch)
tree: ac6356f874ec593962c139d4082e7944d21cc5d4 /lib/cgi
parent: 02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58ede..6b0d89ca3b 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
author	nagachika <nagachika@ruby-lang.org>	2021-11-24 20:12:15 +0900
committer	nagachika <nagachika@ruby-lang.org>	2021-11-24 20:12:15 +0900
commit	3fb7d2cadc18472ec107b14234933b017a33c14d (patch)
tree	ac6356f874ec593962c139d4082e7944d21cc5d4 /lib/cgi
parent	02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff)