From 3fb7d2cadc18472ec107b14234933b017a33c14d Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Wed, 24 Nov 2021 20:12:15 +0900
Subject:     Fix integer overflow

    Make use of the check in rb_alloc_tmp_buffer2.

    https://hackerone.com/reports/1328463

    When parsing cookies, only decode the values

    Bump version

    Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
    Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
---
 lib/cgi/cookie.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lib/cgi/cookie.rb')

diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58ede..6b0d89ca3b 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
-- 
cgit v1.2.3