45 lines
1.6 KiB
Diff
45 lines
1.6 KiB
Diff
From 616926b55e306a0704254a7ddfd6e9834d06c7f2 Mon Sep 17 00:00:00 2001
|
|
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
|
|
Date: Thu, 29 Jun 2023 22:25:17 +0900
|
|
Subject: [PATCH] CVE-2023-36617 for Ruby 3.0 (#7997)
|
|
|
|
* Merge URI-0.10.3
|
|
|
|
* Merge URI-0.10.0.3 for Bundler
|
|
---
|
|
lib/uri/rfc2396_parser.rb | 4 ++--
|
|
lib/uri/rfc3986_parser.rb | 2 +-
|
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
|
|
index b9e7b2b..c7c3ecd 100644
|
|
--- a/lib/uri/rfc2396_parser.rb
|
|
+++ b/lib/uri/rfc2396_parser.rb
|
|
@@ -502,8 +502,8 @@ module URI
|
|
ret = {}
|
|
|
|
# for URI::split
|
|
- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
|
|
- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
|
|
+ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
|
|
+ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
|
|
|
|
# for URI::extract
|
|
ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
|
|
diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
|
|
index ad32368..1accd03 100644
|
|
--- a/lib/uri/rfc3986_parser.rb
|
|
+++ b/lib/uri/rfc3986_parser.rb
|
|
@@ -106,7 +106,7 @@ module URI
|
|
QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
|
|
FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
|
|
OPAQUE: /\A(?:[^\/].*)?\z/,
|
|
- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
|
|
+ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
|
|
}
|
|
end
|
|
|
|
--
|
|
2.27.0
|
|
|