ruby-changes:43801
From: usa <ko1@a...>
Date: Fri, 12 Aug 2016 11:46:45 +0900 (JST)
Subject: [ruby-changes:43801] usa:r55874 (ruby_2_2): merge revision(s) 55581, 55582: [Backport #12557]
usa 2016-08-12 11:46:40 +0900 (Fri, 12 Aug 2016) New Revision: 55874 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55874 Log: merge revision(s) 55581,55582: [Backport #12557] * lib/net/http/generic_rquest.rb (write_header): A Request-Line must not contain CR or LF. Modified directories: branches/ruby_2_2/ Modified files: branches/ruby_2_2/ChangeLog branches/ruby_2_2/lib/net/http/generic_request.rb branches/ruby_2_2/test/net/http/test_http.rb branches/ruby_2_2/version.h Index: ruby_2_2/ChangeLog =================================================================== --- ruby_2_2/ChangeLog (revision 55873) +++ ruby_2_2/ChangeLog (revision 55874) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1 +Fri Aug 12 11:45:02 2016 Shugo Maeda <shugo@r...> + + * lib/net/http/generic_rquest.rb (write_header): A Request-Line must + not contain CR or LF. + Fri Aug 12 11:41:41 2016 Shugo Maeda <shugo@r...> * lib/net/ftp.rb (putline): raise an ArgumentError when Index: ruby_2_2/test/net/http/test_http.rb =================================================================== --- ruby_2_2/test/net/http/test_http.rb (revision 55873) +++ ruby_2_2/test/net/http/test_http.rb (revision 55874) @@ -291,6 +291,17 @@ module TestNetHTTP_version_1_1_methods https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/net/http/test_http.rb#L291 assert_equal $test_net_http_data, res.body end + def test_get__crlf + start {|http| + assert_raise(ArgumentError) do + http.get("\r") + end + assert_raise(ArgumentError) do + http.get("\n") + end + } + end + def test_get2 start {|http| http.get2('/') {|res| Index: ruby_2_2/lib/net/http/generic_request.rb =================================================================== --- ruby_2_2/lib/net/http/generic_request.rb (revision 55873) +++ ruby_2_2/lib/net/http/generic_request.rb (revision 55874) @@ -320,7 +320,12 @@ class Net::HTTPGenericRequest https://github.com/ruby/ruby/blob/trunk/ruby_2_2/lib/net/http/generic_request.rb#L320 end def write_header(sock, ver, path) - buf = "#{@method} #{path} HTTP/#{ver}\r\n" + reqline = "#{@method} #{path} HTTP/#{ver}" + if /[\r\n]/ =~ reqline + raise ArgumentError, "A Request-Line must not contain CR or LF" + end + buf = "" + buf << reqline << "\r\n" each_capitalized do |k,v| buf << "#{k}: #{v}\r\n" end Index: ruby_2_2/version.h =================================================================== --- ruby_2_2/version.h (revision 55873) +++ ruby_2_2/version.h (revision 55874) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1 #define RUBY_VERSION "2.2.6" #define RUBY_RELEASE_DATE "2016-08-12" -#define RUBY_PATCHLEVEL 346 +#define RUBY_PATCHLEVEL 347 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 8 Property changes on: ruby_2_2 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r55581-55582 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/