ruby-changes:43839

nagachika	2016-08-16 05:00:09 +0900 (Tue, 16 Aug 2016)

  New Revision: 55912

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55912

  Log:
    merge revision(s) 55581,55582,55880: [Backport #12557]
    
    * lib/net/http/generic_request.rb (write_header): A Request-Line must
      not contain CR or LF.
    
    * lib/net/http/generic_request.rb (write_header): A Request-Line must

  Modified directories:
    branches/ruby_2_3/
  Modified files:
    branches/ruby_2_3/ChangeLog
    branches/ruby_2_3/lib/net/http/generic_request.rb
    branches/ruby_2_3/test/net/http/test_http.rb
    branches/ruby_2_3/version.h
Index: ruby_2_3/version.h
===================================================================
--- ruby_2_3/version.h	(revision 55911)
+++ ruby_2_3/version.h	(revision 55912)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/version.h#L1
 #define RUBY_VERSION "2.3.2"
 #define RUBY_RELEASE_DATE "2016-08-16"
-#define RUBY_PATCHLEVEL 162
+#define RUBY_PATCHLEVEL 163
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 8
Index: ruby_2_3/lib/net/http/generic_request.rb
===================================================================
--- ruby_2_3/lib/net/http/generic_request.rb	(revision 55911)
+++ ruby_2_3/lib/net/http/generic_request.rb	(revision 55912)
@@ -321,7 +321,12 @@ class Net::HTTPGenericRequest https://github.com/ruby/ruby/blob/trunk/ruby_2_3/lib/net/http/generic_request.rb#L321
   end
 
   def write_header(sock, ver, path)
-    buf = "#{@method} #{path} HTTP/#{ver}\r\n"
+    reqline = "#{@method} #{path} HTTP/#{ver}"
+    if /[\r\n]/ =~ reqline
+      raise ArgumentError, "A Request-Line must not contain CR or LF"
+    end
+    buf = ""
+    buf << reqline << "\r\n"
     each_capitalized do |k,v|
       buf << "#{k}: #{v}\r\n"
     end
Index: ruby_2_3/test/net/http/test_http.rb
===================================================================
--- ruby_2_3/test/net/http/test_http.rb	(revision 55911)
+++ ruby_2_3/test/net/http/test_http.rb	(revision 55912)
@@ -315,6 +315,17 @@ module TestNetHTTP_version_1_1_methods https://github.com/ruby/ruby/blob/trunk/ruby_2_3/test/net/http/test_http.rb#L315
     assert_equal $test_net_http_data, res.body
   end
 
+  def test_get__crlf
+    start {|http|
+      assert_raise(ArgumentError) do
+        http.get("\r")
+      end
+      assert_raise(ArgumentError) do
+        http.get("\n")
+      end
+    }
+  end
+
   def test_get2
     start {|http|
       http.get2('/') {|res|
Index: ruby_2_3/ChangeLog
===================================================================
--- ruby_2_3/ChangeLog	(revision 55911)
+++ ruby_2_3/ChangeLog	(revision 55912)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ChangeLog#L1
+Tue Aug 16 04:57:28 2016  Shugo Maeda  <shugo@r...>
+
+	* lib/net/http/generic_request.rb (write_header): A Request-Line must
+	  not contain CR or LF.
+
 Tue Aug 16 04:54:12 2016  Shugo Maeda  <shugo@r...>
 
 	* lib/net/ftp.rb (putline): raise an ArgumentError when

Property changes on: ruby_2_3
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r55581-55582,55880


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/