From 062d2ee6f798205c3046730d0d348cfd0d0bc09d Mon Sep 17 00:00:00 2001 From: naruse Date: Tue, 12 Feb 2013 03:05:45 +0000 Subject: * ext/json: merge JSON 1.7.7. This includes security fix. [CVE-2013-0269] https://github.com/flori/json/commit/d0a62f3ced7560daba2ad546d83f0479a5ae2cf2 https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/json/parser/parser.c | 8 ++++---- ext/json/parser/parser.rl | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'ext/json/parser') diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c index c140fdb2fe..df89f2c58b 100644 --- a/ext/json/parser/parser.c +++ b/ext/json/parser/parser.c @@ -1618,7 +1618,7 @@ static VALUE convert_encoding(VALUE source) * _opts_ can have the following keys: * * *max_nesting*: The maximum depth of nesting allowed in the parsed data * structures. Disable depth checking with :max_nesting => false|nil|0, it - * defaults to 19. + * defaults to 100. * * *allow_nan*: If set to true, allow NaN, Infinity and -Infinity in * defiance of RFC 4627 to be parsed by the Parser. This option defaults to * false. @@ -1655,7 +1655,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) json->max_nesting = 0; } } else { - json->max_nesting = 19; + json->max_nesting = 100; } tmp = ID2SYM(i_allow_nan); if (option_given_p(opts, tmp)) { @@ -1680,7 +1680,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) if (option_given_p(opts, tmp)) { json->create_additions = RTEST(rb_hash_aref(opts, tmp)); } else { - json->create_additions = 1; + json->create_additions = 0; } tmp = ID2SYM(i_create_id); if (option_given_p(opts, tmp)) { @@ -1709,7 +1709,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) } } } else { - json->max_nesting = 19; + json->max_nesting = 100; json->allow_nan = 0; json->create_additions = 1; json->create_id = rb_funcall(mJSON, i_create_id, 0); diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl index 20ecc486e1..ab8d318173 100644 --- a/ext/json/parser/parser.rl +++ b/ext/json/parser/parser.rl @@ -602,7 +602,7 @@ static VALUE convert_encoding(VALUE source) * _opts_ can have the following keys: * * *max_nesting*: The maximum depth of nesting allowed in the parsed data * structures. Disable depth checking with :max_nesting => false|nil|0, it - * defaults to 19. + * defaults to 100. * * *allow_nan*: If set to true, allow NaN, Infinity and -Infinity in * defiance of RFC 4627 to be parsed by the Parser. This option defaults to * false. @@ -639,7 +639,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) json->max_nesting = 0; } } else { - json->max_nesting = 19; + json->max_nesting = 100; } tmp = ID2SYM(i_allow_nan); if (option_given_p(opts, tmp)) { @@ -664,7 +664,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) if (option_given_p(opts, tmp)) { json->create_additions = RTEST(rb_hash_aref(opts, tmp)); } else { - json->create_additions = 1; + json->create_additions = 0; } tmp = ID2SYM(i_create_id); if (option_given_p(opts, tmp)) { @@ -693,7 +693,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) } } } else { - json->max_nesting = 19; + json->max_nesting = 100; json->allow_nan = 0; json->create_additions = 1; json->create_id = rb_funcall(mJSON, i_create_id, 0); -- cgit v1.2.3