Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Update
ruby2.1.6699
0008-A-Request-Line-must-not-contain-CR-or-LF.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0008-A-Request-Line-must-not-contain-CR-or-LF.patch of Package ruby2.1.6699
From 8a7e7777f5d1c0d3fda23dd9560f5314ec01ce3c Mon Sep 17 00:00:00 2001 From: shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed, 6 Jul 2016 00:01:20 +0000 Subject: [PATCH 08/13] A Request-Line must not contain CR or LF. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/net/http/generic_request.rb | 7 ++++++- test/net/http/test_http.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/net/http/generic_request.rb b/lib/net/http/generic_request.rb index b51034c7ea..51fecdf99f 100644 --- a/lib/net/http/generic_request.rb +++ b/lib/net/http/generic_request.rb @@ -317,7 +317,12 @@ class Net::HTTPGenericRequest end def write_header(sock, ver, path) - buf = "#{@method} #{path} HTTP/#{ver}\r\n" + reqline = "#{@method} #{path} HTTP/#{ver}" + if /[\r\n]/ =~ reqline + raise ArgumentError, "A Request-Line must not contain CR or LF" + end + buf = "" + buf << reqline << "\r\n" each_capitalized do |k,v| buf << "#{k}: #{v}\r\n" end diff --git a/test/net/http/test_http.rb b/test/net/http/test_http.rb index 7d9c2b09d1..2a4b5184b2 100644 --- a/test/net/http/test_http.rb +++ b/test/net/http/test_http.rb @@ -291,6 +291,14 @@ module TestNetHTTP_version_1_1_methods assert_equal $test_net_http_data, res.body end + def test_get__crlf + start {|http| + assert_raise(ArgumentError) do + http.get("\r") + end + } + end + def test_get2 start {|http| http.get2('/') {|res| -- 2.12.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
