From 6423e5b4f34fbdc1750817e7b94188cbd53000e1 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 19 Mar 2018 17:13:41 +0000
Subject: merge revision(s) 61359: [Backport #14208]

	raise error if value contains CR/LF in iniheader of initialize_http_header

	like r59693, initialize_http_header also should raise error. [Bug #14208]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@62848 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/http/header.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/net/http/header.rb b/lib/net/http/header.rb
index 8f3206d363..25ff517ad5 100644
--- a/lib/net/http/header.rb
+++ b/lib/net/http/header.rb
@@ -18,7 +18,11 @@ module Net::HTTPHeader
       if value.nil?
         warn "net/http: warning: nil HTTP header: #{key}" if $VERBOSE
       else
-        @header[key.downcase] = [value.strip]
+        value = value.strip # raise error for invalid byte sequences
+        if value.count("\r\n") > 0
+          raise ArgumentError, 'header field value cannot include CR/LF'
+        end
+        @header[key.downcase] = [value]
       end
     end
   end
@@ -75,8 +79,8 @@ module Net::HTTPHeader
       append_field_value(ary, val)
       @header[key.downcase] = ary
     else
-      val = val.to_s
-      if /[\r\n]/n.match?(val.b)
+      val = val.to_s # for compatibility use to_s instead of to_str
+      if val.b.count("\r\n") > 0
         raise ArgumentError, 'header field value cannnot include CR/LF'
       end
       @header[key.downcase] = [val]
-- 
cgit v1.2.3