From: Nobuyoshi Nakada Date: Mon, 29 Jun 2020 01:29:25 +0000 (+0900) Subject: [PATCH] When parsing cookies, only decode the values X-Git-Tag: archive/raspbian/2.3.3-1+deb9u11+rpi1^2~1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e79942fbeb75bd008ca14b1cee46cb1863ca49d1;p=ruby2.3.git [PATCH] When parsing cookies, only decode the values Gbp-Pq: Name CVE-2021-41819.patch
---
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index ffd88b8..66a3fee 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -165,7 +165,6 @@ class CGI
 raw_cookie.split(/[;,]\s?/).each do |pairs|
 name, values = pairs.split('=',2)
 next unless name and values
- name = CGI.unescape(name)
 values ||= ""
 values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
 if cookies.has_key?(name)
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index ae7b14a..e7788fe 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -98,6 +98,11 @@ class CGICookieTest < Test::Unit::TestCase
 end
 end
+ def test_cgi_cookie_parse_not_decode_name
+ cookie_str = "%66oo=baz;foo=bar"
+ cookies = CGI::Cookie.parse(cookie_str)
+ assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
+ end
 def test_cgi_cookie_arrayinterface
 cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
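Review bot: Nothing in the new body of the `each` block records that `name` is deliberately left percent-encoded, so a later cleanup could reintroduce the `CGI.unescape(name)` call this patch removes. I would add a comment above `values ||= ""`, for example `# Names are kept raw on purpose: decoding them lets "%66oo" collide with "foo" (CVE-2021-41819).` Separately, `values ||= ""` has no effect, because `next unless name and values` has already skipped any pair whose value is nil; it could be dropped. The block and its enclosing method start and end outside the hunk.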
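Review bot: The new test pins that an encoded name stays raw, but both values in `cookie_str` are plain ASCII, so it would still pass if value decoding were dropped by mistake. Encoding one value, e.g. `cookie_str = "%66oo=b%61z;foo=bar"` with the expected hash unchanged, checks in the same assertion that names are left raw while values are still unescaped. A one-line comment such as `# an encoded name must not be merged with its decoded twin` would also say why the two keys are expected to stay separate.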