author | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2021-11-24 20:12:15 +0900 |
commit | 3fb7d2cadc18472ec107b14234933b017a33c14d (patch) | |
tree | ac6356f874ec593962c139d4082e7944d21cc5d4 /test/cgi/test_cgi_cookie.rb | |
parent | 02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff) |
Fix integer overflow (v3_0_3)
Make use of the check in rb_alloc_tmp_buffer2.
https://hackerone.com/reports/1328463
When parsing cookies, only decode the values
Bump version
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
Diffstat (limited to 'test/cgi/test_cgi_cookie.rb')
-rw-r--r-- | test/cgi/test_cgi_cookie.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb index 115a57e4a1..985cc0d7a1 100644 --- a/test/cgi/test_cgi_cookie.rb +++ b/test/cgi/test_cgi_cookie.rb @@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase end end + def test_cgi_cookie_parse_not_decode_name + cookie_str = "%66oo=baz;foo=bar" + cookies = CGI::Cookie.parse(cookie_str) + assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies) + end def test_cgi_cookie_arrayinterface cookie = CGI::Cookie.new('name1', 'a', 'b', 'c') |
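Review bot: The added test_cgi_cookie_parse_not_decode_name uses only plain values (baz, bar), so it checks that the name "%66oo" is left undecoded and kept apart from "foo", but it never exercises the other half of "only decode the values". Consider adding a cookie with a percent-encoded value next to the encoded name, for example "%66oo=%62az" expected to parse to {"%66oo" => ["baz"]}, so that a regression which stops decoding values is caught by the same test that guards against the name collision. A short comment in the test explaining why the two keys must stay distinct would also help future readers, since the hunk itself gives no rationale.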