[前][次][番号順一覧][スレッド一覧]

ruby-changes:43508

From: shugo <ko1@a...>
Date: Wed, 6 Jul 2016 09:01:26 +0900 (JST)
Subject: [ruby-changes:43508] shugo:r55581 (trunk): * lib/net/http/generic_rquest.rb (write_header): A Request-Line must

shugo	2016-07-06 09:01:20 +0900 (Wed, 06 Jul 2016)

  New Revision: 55581

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55581

  Log:
    * lib/net/http/generic_rquest.rb (write_header): A Request-Line must
      not contain CR or LF.

  Modified files:
    trunk/ChangeLog
    trunk/lib/net/http/generic_request.rb
    trunk/test/net/http/test_http.rb
Index: lib/net/http/generic_request.rb
===================================================================
--- lib/net/http/generic_request.rb	(revision 55580)
+++ lib/net/http/generic_request.rb	(revision 55581)
@@ -321,7 +321,12 @@ class Net::HTTPGenericRequest https://github.com/ruby/ruby/blob/trunk/lib/net/http/generic_request.rb#L321
   end
 
   def write_header(sock, ver, path)
-    buf = "#{@method} #{path} HTTP/#{ver}\r\n"
+    reqline = "#{@method} #{path} HTTP/#{ver}"
+    if /[\r\n]/ =~ reqline
+      raise ArgumentError, "A Request-Line must not contain CR or LF"
+    end
+    buf = ""
+    buf << reqline << "\r\n"
     each_capitalized do |k,v|
       buf << "#{k}: #{v}\r\n"
     end
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55580)
+++ ChangeLog	(revision 55581)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Jul  6 08:59:35 2016  Shugo Maeda  <shugo@r...>
+
+	* lib/net/http/generic_rquest.rb (write_header): A Request-Line must
+	  not contain CR or LF.
+
 Wed Jul  6 07:11:27 2016  Shugo Maeda  <shugo@r...>
 
 	* lib/net/ftp.rb (putline): raise an ArgumentError when
Index: test/net/http/test_http.rb
===================================================================
--- test/net/http/test_http.rb	(revision 55580)
+++ test/net/http/test_http.rb	(revision 55581)
@@ -315,6 +315,14 @@ module TestNetHTTP_version_1_1_methods https://github.com/ruby/ruby/blob/trunk/test/net/http/test_http.rb#L315
     assert_equal $test_net_http_data, res.body
   end
 
+  def test_get__crlf
+    start {|http|
+      assert_raise(ArgumentError) do
+        http.get("\r")
+      end
+    }
+  end
+
   def test_get2
     start {|http|
       http.get2('/') {|res|

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]