field | value | date
---|---|---
author | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900
committer | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900
commit | 3fb7d2cadc18472ec107b14234933b017a33c14d |
tree | ac6356f874ec593962c139d4082e7944d21cc5d4 /lib |
parent | 02dfd5a7100841f61ba0bc976339d0ad7c76437f |
Fix integer overflow (tag: v3_0_3)
Make use of the check in rb_alloc_tmp_buffer2.
https://hackerone.com/reports/1328463
When parsing cookies, only decode the values
Bump version
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cgi.rb | 2
-rw-r--r-- | lib/cgi/cookie.rb | 1
2 files changed, 1 insertions, 2 deletions
diff --git a/lib/cgi.rb b/lib/cgi.rb index 3b53d27a2e..70b9d8c97b 100644 --- a/lib/cgi.rb +++ b/lib/cgi.rb @@ -288,7 +288,7 @@ # class CGI - VERSION = "0.2.0" + VERSION = "0.2.1" end require 'cgi/core' diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb index ae9ab58ede..6b0d89ca3b 100644 --- a/lib/cgi/cookie.rb +++ b/lib/cgi/cookie.rb @@ -159,7 +159,6 @@ class CGI raw_cookie.split(/;\s?/).each do |pairs| name, values = pairs.split('=',2) next unless name and values - name = CGI.unescape(name) values ||= "" values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) } if cookies.has_key?(name) |
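Review bot: in the lib/cgi/cookie.rb hunk (@@ -159,7 +159,6 @@), dropping `name = CGI.unescape(name)` leaves nothing in the code to say why the name stays raw while the values on the following line still go through `CGI.unescape(v,@@accept_charset)`. A one-line comment above the `values.split('&')` line stating that cookie names are deliberately not decoded would keep a later cleanup from restoring the call. The context line `values ||= ""` is unreachable, because `next unless name and values` already skips any pair whose value is nil, so it can be removed in the same change. Since `cookies.has_key?(name)` now keys on the undecoded name, callers that looked cookies up by a decoded name see different keys; that deserves a note in the documentation shipped with the "0.2.1" bump in lib/cgi.rb, and the diff as limited to lib shows no test that parses a percent-encoded cookie name.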