From 4263c0d15a582b46d75aac57cd26a47d33941a53 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA
Date: Fri, 21 Feb 2025 16:29:36 +0900
Subject: [PATCH] Truncate userinfo with URI#join, URI#merge and URI#+
Reference:https://github.com/ruby/uri/commit/4263c0d15a582b46d75aac57cd26a47d33941a53
Conflict:NA
---
 lib/uri/generic.rb | 6 +++++-
 test/uri/test_generic.rb | 11 +++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
index a4192c6..6b60873 100644
--- a/lib/uri/generic.rb
+++ b/lib/uri/generic.rb
@@ -1131,7 +1131,11 @@ module URI
 end
 # RFC2396, Section 5.2, 7)
- base.set_userinfo(rel.userinfo) if rel.userinfo
+ if rel.userinfo
+ base.set_userinfo(rel.userinfo)
+ else
+ base.set_userinfo(nil)
+ end
 base.set_host(rel.host) if rel.host
 base.set_port(rel.port) if rel.port
 base.query = rel.query if rel.query
diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
index b449a0a..8a611e3 100644
--- a/test/uri/test_generic.rb
+++ b/test/uri/test_generic.rb
@@ -157,6 +157,17 @@ class URI::TestGeneric < Test::Unit::TestCase
 assert_equal(nil, url.user)
 assert_equal(nil, url.password)
 assert_equal(nil, url.userinfo)
+
+ # sec-2957667
+ url = URI.parse('http://user:pass@example.com').merge('//example.net')
+ assert_equal('http://example.net', url.to_s)
+ assert_nil(url.userinfo)
+ url = URI.join('http://user:pass@example.com', '//example.net')
+ assert_equal('http://example.net', url.to_s)
+ assert_nil(url.userinfo)
+ url = URI.parse('http://user:pass@example.com') + '//example.net'
+ assert_equal('http://example.net', url.to_s)
+ assert_nil(url.userinfo)
 end
 def test_merge
--
2.33.0
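Review bot: In lib/uri/generic.rb the new `else` branch clears the base's userinfo for every reference that carries none of its own, not only for references that change the host. The next line, `base.set_host(rel.host) if rel.host`, is still conditional, so a path-only reference would apparently keep the base host yet lose its credentials, unless an earlier return outside the hunk excludes that case. Dropping credentials is the safe direction, but the only comment here is the RFC pointer, so the intent is undocumented. I would add a comment above the `if`, such as `# Never carry the base's credentials into the merged URI unless the reference supplies its own (sec-2957667)`. The enclosing method starts and ends outside the hunk.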
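Review bot: In test/uri/test_generic.rb the three new cases assert only `url.to_s` and `url.userinfo`, while the context assertions directly above them in the same test also check `url.user` and `url.password`. How `set_userinfo(nil)` treats the stored password is not visible in this patch, so each new case should also carry `assert_nil(url.user)` and `assert_nil(url.password)` to rule out a leftover credential. All three references are `//example.net`. One more case joining a path-only reference onto `http://user:pass@example.com` would pin whether credentials are meant to be dropped when the host does not change. The test method begins outside the hunk.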