Commit 91459172 authored by Sruthi Chandran's avatar Sruthi Chandran

remove already deleted patch from git

parent 54680099
From: Aaron Patterson <aaron.patterson () gmail com>
Date: Tue, 20 Jan 2015 14:30:13 -0800
Subject: raise an exception if the parameters are too deep
CVE-2015-3225
Conflicts:
lib/rack/utils.rb
test/spec_utils.rb
---
lib/rack/utils.rb | 15 +++++++++++----
test/spec_utils.rb | 12 ++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
Index: ruby-rack/test/spec_utils.rb
===================================================================
--- ruby-rack.orig/test/spec_utils.rb
+++ ruby-rack/test/spec_utils.rb
@@ -146,6 +146,18 @@ describe Rack::Utils do
}.should.not.raise
end
+ should "raise an exception if the params are too deep" do
+ len = Rack::Utils.param_depth_limit
+
+ lambda {
+ Rack::Utils.parse_nested_query("foo#{"[a]" * len}=bar")
+ }.should.raise(RangeError)
+
+ lambda {
+ Rack::Utils.parse_nested_query("foo#{"[a]" * (len - 1)}=bar")
+ }.should.not.raise
+ end
+
should "parse nested query strings correctly" do
Rack::Utils.parse_nested_query("foo").
should.equal "foo" => nil