diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | test/net/ftp/test_ftp.rb | 18 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 24 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Thu Dec 14 23:53:41 2017 NAKAMURA Usaku <usa@ruby-lang.org> + + * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of + r56973 to pass the test introduced at previous commit. + Thu Dec 14 22:55:05 2017 Shugo Maeda <shugo@ruby-lang.org> Fix a command injection vulnerability in Net::FTP. diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index ae07a59056..fbb3bf246e 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -1900,4 +1900,22 @@ EOF end end end + + def process_port_or_eprt(sock, line) + case line + when /\APORT (.*)/ + port_args = $1.split(/,/) + host = port_args[0, 4].join(".") + port = port_args[4, 2].map(&:to_i).inject {|x, y| (x << 8) + y} + sock.print("200 PORT command successful.\r\n") + return host, port + when /\AEPRT \|2\|(.*?)\|(.*?)\|/ + host = $1 + port = $2.to_i + sock.print("200 EPRT command successful.\r\n") + return host, port + else + flunk "PORT or EPRT expected" + end + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.6" #define RUBY_RELEASE_DATE "2017-12-14" -#define RUBY_PATCHLEVEL 383 +#define RUBY_PATCHLEVEL 384 #define RUBY_RELEASE_YEAR 2017 #define RUBY_RELEASE_MONTH 12 |