8000 [3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a ill… · stackless-dev/stackless@a4e774f · GitHub
[go: up one dir, main page]
Skip to content
This repository was archived by the owner on Feb 13, 2025. It is now read-only.

Commit a4e774f

Browse files
corona10ned-deily
corona10
authored and
ned-deily
committed
[3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (python#1214) (python#2885)
1 parent 7b92f9f commit a4e774f

File tree

3 files changed

+10
-1
lines changed

3 files changed

+10
-1
lines changed

Lib/ftplib.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -185,6 +185,8 @@ def sanitize(self, s):
185185

186186
# Internal: send one line to the server, appending CRLF
187187
def putline(self, line):
188+
if '\r' in line or '\n' in line:
189+
raise ValueError('an illegal newline character should not be contained')
188190
line = line + CRLF
189191
if self.debugging > 1: print('*put*', self.sanitize(line))
190192
self.sock.sendall(line.encode(self.encoding))

Lib/test/test_ftplib.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -480,6 +480,9 @@ def test_sanitize(self):
480480
self.assertEqual(self.client.sanitize('PASS 12345'), repr('PASS *****'))
481481

482482
def test_exceptions(self):
483+
self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r\n0')
484+
self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\n0')
485+
self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r0')
483486
self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 400')
484487
self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 499')
485488
self.assertRaises(ftplib.error_perm, self.client.sendcmd, 'echo 500')
@@ -488,7 +491,8 @@ def test_exceptions(self):
488491

489492
def test_all_errors(self):
490493
exceptions = (ftplib.error_reply, ftplib.error_temp, ftplib.error_perm,
491-
ftplib.error_proto, ftplib.Error, IOError, EOFError)
494+
ftplib.error_proto, ftplib.Error, OSError,
495+
EOFError)
492496
for x in exceptions:
493497
try:
494498
raise x('exception not included in all_errors set')

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,9 @@ Core and Builtins
3939
Library
4040
-------
4141

42+
- bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that contains
43+
CR or LF. Patch by Dong-hee Na
44+
4245
- [Security] bpo-30730: Prevent environment variables injection in subprocess on
4346
Windows. Prevent passing other invalid environment variables and command arguments.
4447

0 commit comments

Comments
 (0)
0