From 3fb7d2cadc18472ec107b14234933b017a33c14d Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Wed, 24 Nov 2021 20:12:15 +0900
Subject:     Fix integer overflow

    Make use of the check in rb_alloc_tmp_buffer2.

    https://hackerone.com/reports/1328463

    When parsing cookies, only decode the values

    Bump version

    Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
    Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
---
 lib/cgi.rb        | 2 +-
 lib/cgi/cookie.rb | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/cgi.rb b/lib/cgi.rb
index 3b53d27a2e..70b9d8c97b 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -288,7 +288,7 @@
 #
 
 class CGI
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end
 
 require 'cgi/core'
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58ede..6b0d89ca3b 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
-- 
cgit v1.2.3