Package: ruby-json / 2.0.1+dfsg-3+deb9u1

CVE-2020-10663.patch Patch series | download
From b379ecd8b6832dfcd5dad353b6bfd41701e2d678 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 30 Mar 2020 22:22:10 +0000
Subject: [PATCH] merge revision(s) 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01:
 [Backport #16698]

        backport 80b5a0ff2a7709367178f29d4ebe1c54122b1c27 partially as a
         security fix for CVE-2020-10663. The patch was provided by Jeremy Evans.

        git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67869 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Author: Utkarsh Gupta <utkarsh@debian.org>

--- a/ext/json/ext/parser/parser.c
+++ b/ext/json/ext/parser/parser.c
@@ -1791,7 +1791,7 @@
     } else {
         json->max_nesting = 100;
         json->allow_nan = 0;
-        json->create_additions = 1;
+        json->create_additions = 0;
         json->create_id = rb_funcall(mJSON, i_create_id, 0);
         json->object_class = Qnil;
         json->array_class = Qnil;
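Review bot: The new default on the `create_additions` line carries no explanation, and a future maintainer comparing it against the other defaults in this block (max_nesting 100, allow_nan 0) has no way to know it is a security hardening rather than a stray edit; I would add `/* Off by default: additions instantiate classes named by the document (CVE-2020-10663). */` above it. This else branch is only the path taken when no options hash is supplied; the if branch that reads an explicit `create_additions` option, and the rest of the enclosing initializer, start outside the hunk, so whether a caller can still opt in cannot be confirmed from here. Note `create_id` is still resolved unconditionally on the next line, which presumably is what keeps an explicit opt-in working.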
--- a/ext/json/ext/parser/parser.rl
+++ b/ext/json/ext/parser/parser.rl
@@ -686,7 +686,7 @@
     } else {
         json->max_nesting = 100;
         json->allow_nan = 0;
-        json->create_additions = 1;
+        json->create_additions = 0;
         json->create_id = rb_funcall(mJSON, i_create_id, 0);
         json->object_class = Qnil;
         json->array_class = Qnil;
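Review bot: This hunk brings the Ragel source into line with the regenerated parser.c, but the patch touches only the C extension; if this Debian package also ships the pure-Ruby fallback parser (lib/json/pure/parser.rb), its equivalent default for `create_additions` is not covered by this series and should be checked, since an install that falls back to the pure parser would otherwise keep the old behaviour. A one-line comment on the changed line, such as `/* CVE-2020-10663: never create additions unless explicitly requested */`, would also document the intent in the source that parser.c is generated from. The enclosing initializer begins outside the hunk.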