[前][次][番号順一覧][スレッド一覧]

ruby-changes:69912

From: nagachika <ko1@a...>
Date: Wed, 24 Nov 2021 20:14:54 +0900 (JST)
Subject: [ruby-changes:69912] 3fb7d2cadc (ruby_3_0): Fix integer overflow

https://git.ruby-lang.org/ruby.git/commit/?id=3fb7d2cadc

From 3fb7d2cadc18472ec107b14234933b017a33c14d Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@r...>
Date: Wed, 24 Nov 2021 20:12:15 +0900
Subject:     Fix integer overflow

    Make use of the check in rb_alloc_tmp_buffer2.

    https://hackerone.com/reports/1328463

    When parsing cookies, only decode the values

    Bump version

    Co-authored-by: Nobuyoshi Nakada <nobu@r...>
    Co-authored-by: Yusuke Endoh <mame@r...>
---
 ext/cgi/escape/escape.c     | 3 ++-
 lib/cgi.rb                  | 2 +-
 lib/cgi/cookie.rb           | 1 -
 test/cgi/test_cgi_cookie.rb | 5 +++++
 version.h                   | 2 +-
 5 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 77627e2f03c..d001eacd907 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/cgi/escape/escape.c#L36
 optimized_escape_html(VALUE str)
 {
     VALUE vbuf;
-    char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+    typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+    char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
     const char *cstr = RSTRING_PTR(str);
     const char *end = cstr + RSTRING_LEN(str);
 
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 3b53d27a2e2..70b9d8c97bd 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -288,7 +288,7 @@ https://github.com/ruby/ruby/blob/trunk/lib/cgi.rb#L288
 #
 
 class CGI
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end
 
 require 'cgi/core'
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ae9ab58edef..6b0d89ca3ba 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -159,7 +159,6 @@ class CGI https://github.com/ruby/ruby/blob/trunk/lib/cgi/cookie.rb#L159
       raw_cookie.split(/;\s?/).each do |pairs|
         name, values = pairs.split('=',2)
         next unless name and values
-        name = CGI.unescape(name)
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 115a57e4a10..985cc0d7a1a 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -101,6 +101,11 @@ class CGICookieTest < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/cgi/test_cgi_cookie.rb#L101
     end
   end
 
+  def test_cgi_cookie_parse_not_decode_name
+    cookie_str = "%66oo=baz;foo=bar"
+    cookies = CGI::Cookie.parse(cookie_str)
+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+  end
 
   def test_cgi_cookie_arrayinterface
     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
diff --git a/version.h b/version.h
index 7ecaee02a66..391460e6d15 100644
--- a/version.h
+++ b/version.h
@@ -12,7 +12,7 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L12
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 3
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 156
+#define RUBY_PATCHLEVEL 157
 
 #define RUBY_RELEASE_YEAR 2021
 #define RUBY_RELEASE_MONTH 11
-- 
cgit v1.2.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]