diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | lib/net/ftp.rb | 3 | ||||
-rw-r--r-- | test/net/ftp/test_ftp.rb | 11 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 19 insertions, 2 deletions
@@ -1,3 +1,8 @@ +Fri Aug 12 11:41:41 2016 Shugo Maeda <shugo@ruby-lang.org> + + * lib/net/ftp.rb (putline): raise an ArgumentError when + CR or LF is included in a line. + Fri Aug 12 11:21:24 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> * string.c (tr_trans): consider terminator length and fix heap diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb index 5b63764625..c9b80c6804 100644 --- a/lib/net/ftp.rb +++ b/lib/net/ftp.rb @@ -280,6 +280,9 @@ module Net if @debug_mode print "put: ", sanitize(line), "\n" end + if /[\r\n]/ =~ line + raise ArgumentError, "A line must not contain CR or LF" + end line = line + CRLF @sock.write(line) end diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index c0d06bda7e..cb311695d0 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -815,8 +815,17 @@ class FTPTest < Test::Unit::TestCase end end - private + def test_putline_reject_crlf + ftp = Net::FTP.new + assert_raise(ArgumentError) do + ftp.send(:putline, "\r") + end + assert_raise(ArgumentError) do + ftp.send(:putline, "\n") + end + end + private def create_ftp_server(sleep_time = nil) server = TCPServer.new(SERVER_ADDR, 0) @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.2.6" #define RUBY_RELEASE_DATE "2016-08-12" -#define RUBY_PATCHLEVEL 345 +#define RUBY_PATCHLEVEL 346 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 8 |