diff options
Diffstat (limited to 'patchsets/patches-2.2.7-r4/008-net-smtp-validation.patch')
-rw-r--r-- | patchsets/patches-2.2.7-r4/008-net-smtp-validation.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/patchsets/patches-2.2.7-r4/008-net-smtp-validation.patch b/patchsets/patches-2.2.7-r4/008-net-smtp-validation.patch new file mode 100644 index 0000000..0b30c99 --- /dev/null +++ b/patchsets/patches-2.2.7-r4/008-net-smtp-validation.patch @@ -0,0 +1,39 @@ +From 0827a7e52ba3d957a634b063bf5a391239b9ffee Mon Sep 17 00:00:00 2001 +From: shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> +Date: Wed, 8 Jun 2016 07:06:57 +0000 +Subject: [PATCH] * lib/net/smtp.rb (getok, get_response): raise an + ArgumentError when CR or LF is included in a line, because they are not + allowed in RFC5321. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55324 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/net/smtp.rb | 9 +++++++++ + +diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb +index 250293bdbe21..a7130a593b40 100644 +--- a/lib/net/smtp.rb ++++ b/lib/net/smtp.rb +@@ -926,7 +926,15 @@ def quit + + private + ++ def validate_line(line) ++ # A bare CR or LF is not allowed in RFC5321. ++ if /[\r\n]/ =~ line ++ raise ArgumentError, "A line must not contain CR or LF" ++ end ++ end ++ + def getok(reqline) ++ validate_line reqline + res = critical { + @socket.writeline reqline + recv_response() +@@ -936,6 +944,7 @@ def getok(reqline) + end + + def get_response(reqline) ++ validate_line reqline + @socket.writeline reqline + recv_response() + end |