From 55992aa430506f22cd421dc39929bbd9c0e40289 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 15 Aug 2016 20:00:09 +0000
Subject: merge revision(s) 55581,55582,55880: [Backport #12557]

	* lib/net/http/generic_request.rb (write_header): A Request-Line must
	  not contain CR or LF.

	* lib/net/http/generic_request.rb (write_header): A Request-Line must


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55912 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/http/generic_request.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/net/http/generic_request.rb b/lib/net/http/generic_request.rb
index 19602da27c..6c5ceafe61 100644
--- a/lib/net/http/generic_request.rb
+++ b/lib/net/http/generic_request.rb
@@ -321,7 +321,12 @@ class Net::HTTPGenericRequest
   end
 
   def write_header(sock, ver, path)
-    buf = "#{@method} #{path} HTTP/#{ver}\r\n"
+    reqline = "#{@method} #{path} HTTP/#{ver}"
+    if /[\r\n]/ =~ reqline
+      raise ArgumentError, "A Request-Line must not contain CR or LF"
+    end
+    buf = ""
+    buf << reqline << "\r\n"
     each_capitalized do |k,v|
       buf << "#{k}: #{v}\r\n"
     end
-- 
cgit v1.2.3