From 3fb7d2cadc18472ec107b14234933b017a33c14d Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Wed, 24 Nov 2021 20:12:15 +0900
Subject:     Fix integer overflow

    Make use of the check in rb_alloc_tmp_buffer2.

    https://hackerone.com/reports/1328463

    When parsing cookies, only decode the values

    Bump version

    Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
    Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
---
 test/cgi/test_cgi_cookie.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'test/cgi')

diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 115a57e4a1..985cc0d7a1 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase
     end
   end
 
+  def test_cgi_cookie_parse_not_decode_name
+    cookie_str = "%66oo=baz;foo=bar"
+    cookies = CGI::Cookie.parse(cookie_str)
+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+  end
 
   def test_cgi_cookie_arrayinterface
     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
-- 
cgit v1.2.3