From a4e774f86224cd8c997deaa4e71312cf1a7b023c Mon Sep 17 00:00:00 2001
From: Dong-hee Na <donghee.na92@gmail.com>
Date: Wed, 26 Jul 2017 13:58:22 +0900
Subject: [3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a
 illegal command (#1214) (#2885)

---
 Lib/ftplib.py           | 2 ++
 Lib/test/test_ftplib.py | 6 +++++-
 Misc/NEWS               | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 5e75e6d..ca7225f 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -185,6 +185,8 @@ class FTP:
 
     # Internal: send one line to the server, appending CRLF
     def putline(self, line):
+        if '\r' in line or '\n' in line:
+            raise ValueError('an illegal newline character should not be contained')
         line = line + CRLF
         if self.debugging > 1: print('*put*', self.sanitize(line))
         self.sock.sendall(line.encode(self.encoding))
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
index 6c95c49..c5e6736 100644
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@@ -480,6 +480,9 @@ class TestFTPClass(TestCase):
         self.assertEqual(self.client.sanitize('PASS 12345'), repr('PASS *****'))
 
     def test_exceptions(self):
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\n0')
+        self.assertRaises(ValueError, self.client.sendcmd, 'echo 40\r0')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 400')
         self.assertRaises(ftplib.error_temp, self.client.sendcmd, 'echo 499')
         self.assertRaises(ftplib.error_perm, self.client.sendcmd, 'echo 500')
@@ -488,7 +491,8 @@ class TestFTPClass(TestCase):
 
     def test_all_errors(self):
         exceptions = (ftplib.error_reply, ftplib.error_temp, ftplib.error_perm,
-                      ftplib.error_proto, ftplib.Error, IOError, EOFError)
+                      ftplib.error_proto, ftplib.Error, OSError,
+                      EOFError)
         for x in exceptions:
             try:
                 raise x('exception not included in all_errors set')
diff --git a/Misc/NEWS b/Misc/NEWS
index 68a3323..2b4d4e7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -39,6 +39,9 @@ Core and Builtins
 Library
 -------
 
+- bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that contains
+  CR or LF. Patch by Dong-hee Na
+
 - [Security] bpo-30730: Prevent environment variables injection in subprocess on
   Windows.  Prevent passing other invalid environment variables and command arguments.
 
-- 
cgit v0.12