From 2b17d2f2970d382ac61d15d66f46d1c56f8f2598 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada
Date: Thu, 3 Jun 2021 15:36:38 +0900
Subject: [ruby/net-protocol] Get rid of `__send__`
Mitigate the security risk:
https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
https://github.com/ruby/net-protocol/commit/a9970437e8
---
 lib/net/protocol.rb | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'lib/net/protocol.rb')
diff --git a/lib/net/protocol.rb b/lib/net/protocol.rb
index edf2ed5a00..0afac2a02a 100644
--- a/lib/net/protocol.rb
+++ b/lib/net/protocol.rb
@@ -383,7 +383,7 @@ module Net # :nodoc:
 len = writing {
 using_each_crlf_line {
 begin
- block.call(WriteAdapter.new(self, :write_message_0))
+ block.call(WriteAdapter.new(self.method(:write_message_0)))
 rescue LocalJumpError
 # allow `break' from writer block
 end
@@ -447,17 +447,16 @@ module Net # :nodoc:
 # The writer adapter class
 #
 class WriteAdapter
- def initialize(socket, method)
- @socket = socket
- @method_id = method
+ def initialize(writer)
+ @writer = writer
 end
 def inspect
- "#<#{self.class} socket=#{@socket.inspect}>"
+ "#<#{self.class} writer=#{@writer.inspect}>"
 end
 def write(str)
- @socket.__send__(@method_id, str)
+ @writer.call(str)
 end
 alias print write
--
cgit v1.2.3
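Review bot: The explicit receiver in `self.method(:write_message_0)` on the added line is redundant; `block.call(WriteAdapter.new(method(:write_message_0)))` binds the same method and matches usual Ruby style. A short comment on that line, such as `# pass a bound Method so the adapter never dispatches by name`, would record why the call is written this way. The enclosing method starts and ends outside the hunk.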
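Review bot: `WriteAdapter#write` now runs `@writer.call(str)` on whatever object the instance variable holds, and `Marshal.load` rebuilds instances without running `initialize`. The change therefore narrows what a deserialized adapter can invoke to `call`, but does not make such an instance inert. The class has no comment explaining this, so I would add one above `def initialize(writer)`, for example `# Holds a callable, not a receiver plus method name, so a deserialized instance cannot choose which method is dispatched.` The constructor also drops from two parameters to one here, so any caller outside this file that still passes `(socket, method_id)` would raise ArgumentError. None is visible in this diff, so it is worth searching dependents before release. The class body continues past the end of the hunk.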