From 554c879f1f0138a3981b9245b397a1a969461c7b Mon Sep 17 00:00:00 2001 From: shugo Date: Wed, 6 Jul 2016 00:01:20 +0000 Subject: [PATCH] * lib/net/http/generic_rquest.rb (write_header): A Request-Line must not contain CR or LF. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 5 +++++ lib/net/http/generic_request.rb | 7 ++++++- test/net/http/test_http.rb | 8 ++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 53c82a0ca2..294af7f26c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Wed Jul 6 08:59:35 2016 Shugo Maeda + + * lib/net/http/generic_rquest.rb (write_header): A Request-Line must + not contain CR or LF. + Wed Jul 6 07:11:27 2016 Shugo Maeda * lib/net/ftp.rb (putline): raise an ArgumentError when diff --git a/lib/net/http/generic_request.rb b/lib/net/http/generic_request.rb index 19602da27c..6c5ceafe61 100644 --- a/lib/net/http/generic_request.rb +++ b/lib/net/http/generic_request.rb @@ -321,7 +321,12 @@ class Net::HTTPGenericRequest end def write_header(sock, ver, path) - buf = "#{@method} #{path} HTTP/#{ver}\r\n" + reqline = "#{@method} #{path} HTTP/#{ver}" + if /[\r\n]/ =~ reqline + raise ArgumentError, "A Request-Line must not contain CR or LF" + end + buf = "" + buf << reqline << "\r\n" each_capitalized do |k,v| buf << "#{k}: #{v}\r\n" end diff --git a/test/net/http/test_http.rb b/test/net/http/test_http.rb index 493823549a..697296629c 100644 --- a/test/net/http/test_http.rb +++ b/test/net/http/test_http.rb @@ -315,6 +315,14 @@ module TestNetHTTP_version_1_1_methods assert_equal $test_net_http_data, res.body end + def test_get__crlf + start {|http| + assert_raise(ArgumentError) do + http.get("\r") + end + } + end + def test_get2 start {|http| http.get2('/') {|res|