authorNobuyoshi Nakada <nobu@ruby-lang.org>2021-09-03 19:40:22 +0900
committergit <svn-admin@ruby-lang.org>2021-12-12 13:05:15 +0900
commite4b35b158a16c42d2b91a3e88309875240d0ce27 (patch)
treec310fbf57098d2141f930d8cdb1720609fd2bac3 /test
parentfbd733701659eed2d5a652b5890cfa80ccbce864 (diff)
downloadruby-e4b35b158a16c42d2b91a3e88309875240d0ce27.tar.gz
[ruby/cgi] Check integer overflow in long range
https://hackerone.com/reports/1328463 https://github.com/ruby/cgi/commit/ccaf6027e0
Diffstat (limited to 'test')
-rw-r--r--test/cgi/test_cgi_util.rb17
1 files changed, 17 insertions, 0 deletions
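diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index 6ce8b42c20..5a2d07b328 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -104,6 +104,23 @@ class CGIUtilTest < Test::Unit::TestCase
 assert_not_predicate CGI.escapeHTML("Ruby".freeze), :frozen?
 end
+ def test_cgi_escape_html_large
+ ulong_max, size_max = RbConfig::LIMITS.values_at("ULONG_MAX", "SIZE_MAX")
+ return unless ulong_max < size_max # Platforms not concerned
+
+ size = (ulong_max / 6 + 1)
+ begin
+ str = '"' * size
+ escaped = CGI.escapeHTML(str)
+ rescue NoMemoryError
+ omit "Not enough memory"
+ rescue => e
+ end
+ assert_raise_with_message(ArgumentError, /overflow/, ->{"length = #{escaped.length}"}) do
+ raise e if e
+ end
+ end
+
 def test_cgi_unescapeHTML
 assert_equal("'&\"><", CGI.unescapeHTML("&#39;&amp;&quot;&gt;&lt;"))
 end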
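Review bot: The guard `return unless ulong_max < size_max` on the first line of the new test makes it report as passed on every platform where ULONG_MAX equals SIZE_MAX, although the overflow path was never exercised; `omit "Platforms not concerned" unless ulong_max < size_max` would surface it as skipped, consistent with the `omit "Not enough memory"` already used a few lines below. The divisor in `size = (ulong_max / 6 + 1)` deserves a comment, since it is presumably the worst-case per-character expansion of escapeHTML (`&quot;` is six bytes) chosen so that length times six exceeds an unsigned long while the string itself still fits in size_t — something like `# smallest length whose 6-byte worst-case expansion overflows ULONG_MAX`. On the platforms that are concerned the test allocates roughly ULONG_MAX/6 bytes before the overflow check can trigger, which the NoMemoryError rescue tolerates but which is worth stating in that comment so the cost is not mistaken for a leak. The enclosing class CGIUtilTest continues outside the hunk.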