churchyard / rpms / python3

Forked from rpms/python3 3 years ago
Clone

Blame 00272-fix-ftplib-to-reject-newlines.patch

Iryna Shcherbina 2c3b222
From 8c2d4cf092c5f0335e7982392a33927579c4d512 Mon Sep 17 00:00:00 2001
Iryna Shcherbina 2c3b222
From: Dong-hee Na <donghee.na92@gmail.com>
Iryna Shcherbina 2c3b222
Date: Wed, 26 Jul 2017 21:11:25 +0900
Iryna Shcherbina 2c3b222
Subject: [PATCH] [3.6] bpo-30119: fix ftplib.FTP.putline() to throw an error
Iryna Shcherbina 2c3b222
 for a illegal command (#1214) (#2886)
Iryna Shcherbina 2c3b222
Iryna Shcherbina 2c3b222
---
Iryna Shcherbina 2c3b222
 Lib/ftplib.py                                                     | 2 ++
Iryna Shcherbina 2c3b222
 Lib/test/test_ftplib.py                                           | 6 +++++-
Iryna Shcherbina 2c3b222
 Misc/NEWS.d/next/Library/2017-07-26-15-15-00.bpo-30119.DZ6C_S.rst | 2 ++
Iryna Shcherbina 2c3b222
 3 files changed, 9 insertions(+), 1 deletion(-)
Iryna Shcherbina 2c3b222
 create mode 100644 Misc/NEWS.d/next/Library/2017-07-26-15-15-00.bpo-30119.DZ6C_S.rst
Iryna Shcherbina 2c3b222
Iryna Shcherbina 2c3b222
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
Iryna Shcherbina 2c3b222
index 8f36f537e8a..a02e595cb02 100644
Iryna Shcherbina 2c3b222
--- a/Lib/ftplib.py
Iryna Shcherbina 2c3b222
+++ b/Lib/ftplib.py
Iryna Shcherbina 2c3b222
@@ -186,6 +186,8 @@ def sanitize(self, s):
Iryna Shcherbina 2c3b222
 
Iryna Shcherbina 2c3b222
     # Internal: send one line to the server, appending CRLF
Iryna Shcherbina 2c3b222
     def putline(self, line):
Iryna Shcherbina 2c3b222
+        if '\r' in line or '\n' in line:
Iryna Shcherbina 2c3b222
+            raise ValueError('an illegal newline character should not be contained')
Iryna Shcherbina 2c3b222
         line = line + CRLF
Iryna Shcherbina 2c3b222
         if self.debugging > 1:
Iryna Shcherbina 2c3b222
             print('*put*', self.sanitize(line))
Iryna Shcherbina 2c3b222
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
Iryna Shcherbina 2c3b222
index 12fabc5e8be..a561e9efa03 100644
Iryna Shcherbina 2c3b222
--- a/Lib/test/test_ftplib.py
Iryna Shcherbina 2c3b222
+++ b/Lib/test/test_ftplib.py
Iryna Shcherbina 2c3b222
@@ -484,6 +484,9 @@ def test_sanitize(self):
Iryna Shcherbina 2c3b222
         self.assertEqual(self.client.sanitize('PASS 12345'), repr('PASS *****'))
Iryna Shcherbina 2c3b222
 
Iryna Shcherbina 2c3b222
     def test_exceptions(self):
Iryna Shcherbina 2c3b222
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r\n0')
Iryna Shcherbina 2c3b222
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\n0')
Iryna Shcherbina 2c3b222
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r0')
Iryna Shcherbina 2c3b222
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 400')
Iryna Shcherbina 2c3b222
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 499')
Iryna Shcherbina 2c3b222
         self.assertRaises(ftplib.error_perm, self.client.sendcmd, 'echo 500')
Iryna Shcherbina 2c3b222
@@ -492,7 +495,8 @@ def test_exceptions(self):
Iryna Shcherbina 2c3b222
 
Iryna Shcherbina 2c3b222
     def test_all_errors(self):
Iryna Shcherbina 2c3b222
         exceptions = (ftplib.error_reply, ftplib.error_temp, ftplib.error_perm,
Iryna Shcherbina 2c3b222
-                      ftplib.error_proto, ftplib.Error, OSError, EOFError)
Iryna Shcherbina 2c3b222
+                      ftplib.error_proto, ftplib.Error, OSError,
Iryna Shcherbina 2c3b222
+                      EOFError)
Iryna Shcherbina 2c3b222
         for x in exceptions:
Iryna Shcherbina 2c3b222
             try:
Iryna Shcherbina 2c3b222
                 raise x('exception not included in all_errors set')
Iryna Shcherbina 2c3b222
diff --git a/Misc/NEWS.d/next/Library/2017-07-26-15-15-00.bpo-30119.DZ6C_S.rst b/Misc/NEWS.d/next/Library/2017-07-26-15-15-00.bpo-30119.DZ6C_S.rst
Iryna Shcherbina 2c3b222
new file mode 100644
Iryna Shcherbina 2c3b222
index 00000000000..a37d3703842
Iryna Shcherbina 2c3b222
--- /dev/null
Iryna Shcherbina 2c3b222
+++ b/Misc/NEWS.d/next/Library/2017-07-26-15-15-00.bpo-30119.DZ6C_S.rst
Iryna Shcherbina 2c3b222
@@ -0,0 +1,2 @@
Iryna Shcherbina 2c3b222
+ftplib.FTP.putline() now throws ValueError on commands that contains CR or
Iryna Shcherbina 2c3b222
+LF. Patch by Dong-hee Na.