ruby-changes:43508
From: shugo <ko1@a...>
Date: Wed, 6 Jul 2016 09:01:26 +0900 (JST)
Subject: [ruby-changes:43508] shugo:r55581 (trunk): * lib/net/http/generic_rquest.rb (write_header): A Request-Line must
shugo 2016-07-06 09:01:20 +0900 (Wed, 06 Jul 2016) New Revision: 55581 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55581 Log: * lib/net/http/generic_rquest.rb (write_header): A Request-Line must not contain CR or LF. Modified files: trunk/ChangeLog trunk/lib/net/http/generic_request.rb trunk/test/net/http/test_http.rb Index: lib/net/http/generic_request.rb =================================================================== --- lib/net/http/generic_request.rb (revision 55580) +++ lib/net/http/generic_request.rb (revision 55581) @@ -321,7 +321,12 @@ class Net::HTTPGenericRequest https://github.com/ruby/ruby/blob/trunk/lib/net/http/generic_request.rb#L321 end def write_header(sock, ver, path) - buf = "#{@method} #{path} HTTP/#{ver}\r\n" + reqline = "#{@method} #{path} HTTP/#{ver}" + if /[\r\n]/ =~ reqline + raise ArgumentError, "A Request-Line must not contain CR or LF" + end + buf = "" + buf << reqline << "\r\n" each_capitalized do |k,v| buf << "#{k}: #{v}\r\n" end Index: ChangeLog =================================================================== --- ChangeLog (revision 55580) +++ ChangeLog (revision 55581) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Jul 6 08:59:35 2016 Shugo Maeda <shugo@r...> + + * lib/net/http/generic_rquest.rb (write_header): A Request-Line must + not contain CR or LF. + Wed Jul 6 07:11:27 2016 Shugo Maeda <shugo@r...> * lib/net/ftp.rb (putline): raise an ArgumentError when Index: test/net/http/test_http.rb =================================================================== --- test/net/http/test_http.rb (revision 55580) +++ test/net/http/test_http.rb (revision 55581) @@ -315,6 +315,14 @@ module TestNetHTTP_version_1_1_methods https://github.com/ruby/ruby/blob/trunk/test/net/http/test_http.rb#L315 assert_equal $test_net_http_data, res.body end + def test_get__crlf + start {|http| + assert_raise(ArgumentError) do + http.get("\r") + end + } + end + def test_get2 start {|http| http.get2('/') {|res| -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/