* lib/net/pop.rb: check for invalid APOP timestamp. (CVE-2007-1558)

[ruby-dev:36631] * test/net/pop/test_pop.rb: ditto. git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@19776 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-10-14 02:22:46 +0000
committer: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-10-14 02:22:46 +0000
commit: 7809a9a1128cb46441f08b35318f7ae33f6ef44b (patch)
tree: 01505263c1df1640a380ebc90f806b45238906ed /lib
parent: b80cc7b84703b51b31f8bddbab62361f6f36eed0 (diff)
download: ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.tar.gz
ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.tar.xz
ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/net/pop.rb b/lib/net/pop.rb
index a8e998723..7d234c191 100644
--- a/lib/net/pop.rb
+++ b/lib/net/pop.rb
@@ -870,7 +870,7 @@ module Net
       @socket = sock
       @error_occured = false
       res = check_response(critical { recv_response() })
-      @apop_stamp = res.slice(/<.+>/)
+      @apop_stamp = res.slice(/<[!-~]+@[!-~]+>/)
     end
 
     attr_reader :socket
author	kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-10-14 02:22:46 +0000
committer	kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-10-14 02:22:46 +0000
commit	7809a9a1128cb46441f08b35318f7ae33f6ef44b (patch)
tree	01505263c1df1640a380ebc90f806b45238906ed /lib
parent	b80cc7b84703b51b31f8bddbab62361f6f36eed0 (diff)
download	ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.tar.gz ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.tar.xz ruby-7809a9a1128cb46441f08b35318f7ae33f6ef44b.zip