Fix integer overflowv3_0_3

    Make use of the check in rb_alloc_tmp_buffer2.

    https://hackerone.com/reports/1328463

    When parsing cookies, only decode the values

    Bump version

    Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
    Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 115a57e4a1..985cc0d7a1 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase
     end
   end
 
+  def test_cgi_cookie_parse_not_decode_name
+    cookie_str = "%66oo=baz;foo=bar"
+    cookies = CGI::Cookie.parse(cookie_str)
+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+  end
 
   def test_cgi_cookie_arrayinterface
     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')