diff options
author | Georg Brandl <georg@python.org> | 2014-09-30 12:12:24 (GMT) |
---|---|---|
committer | Georg Brandl <georg@python.org> | 2014-09-30 12:12:24 (GMT) |
commit | c9cb18d3f7e5bf03220c213183ff0caa75905bdd (patch) | |
tree | bb4c815f8ced83c0ee9aa28c521c19e380de10da | |
parent | f0746ca46376647993a47e24051a80fdf679014a (diff) | |
download | cpython-c9cb18d3f7e5bf03220c213183ff0caa75905bdd.zip cpython-c9cb18d3f7e5bf03220c213183ff0caa75905bdd.tar.gz cpython-c9cb18d3f7e5bf03220c213183ff0caa75905bdd.tar.bz2 |
Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
-rw-r--r-- | Lib/ftplib.py | 23 | ||||
-rw-r--r-- | Lib/test/test_ftplib.py | 22 | ||||
-rw-r--r-- | Misc/NEWS | 4 |
3 files changed, 43 insertions, 6 deletions
diff --git a/Lib/ftplib.py b/Lib/ftplib.py index 8b733cf..74ae1ab 100644 --- a/Lib/ftplib.py +++ b/Lib/ftplib.py @@ -49,6 +49,8 @@ MSG_OOB = 0x1 # Process data out of band # The standard FTP server control port FTP_PORT = 21 +# The sizehint parameter passed to readline() calls +MAXLINE = 8192 # Exception raised when an error or invalid response is received @@ -96,6 +98,7 @@ class FTP: debugging = 0 host = '' port = FTP_PORT + maxline = MAXLINE sock = None file = None welcome = None @@ -190,7 +193,9 @@ class FTP: # Internal: return one line from the server, stripping CRLF. # Raise EOFError if the connection is closed def getline(self): - line = self.file.readline() + line = self.file.readline(self.maxline + 1) + if len(line) > self.maxline: + raise Error("got more than %d bytes" % self.maxline) if self.debugging > 1: print('*get*', self.sanitize(line)) if not line: raise EOFError @@ -444,7 +449,9 @@ class FTP: with self.transfercmd(cmd) as conn, \ conn.makefile('r', encoding=self.encoding) as fp: while 1: - line = fp.readline() + line = fp.readline(self.maxline + 1) + if len(line) > self.maxline: + raise Error("got more than %d bytes" % self.maxline) if self.debugging > 2: print('*retr*', repr(line)) if not line: break @@ -494,7 +501,9 @@ class FTP: self.voidcmd('TYPE A') with self.transfercmd(cmd) as conn: while 1: - buf = fp.readline() + buf = fp.readline(self.maxline + 1) + if len(buf) > self.maxline: + raise Error("got more than %d bytes" % self.maxline) if not buf: break if buf[-2:] != B_CRLF: if buf[-1] in B_CRLF: buf = buf[:-1] @@ -741,7 +750,9 @@ else: fp = conn.makefile('r', encoding=self.encoding) try: while 1: - line = fp.readline() + line = fp.readline(self.maxline + 1) + if len(line) > self.maxline: + raise Error("got more than %d bytes" % self.maxline) if self.debugging > 2: print('*retr*', repr(line)) if not line: break @@ -779,7 +790,9 @@ else: conn = self.transfercmd(cmd) try: while 1: - buf = fp.readline() + buf = fp.readline(self.maxline + 1) + if len(buf) > self.maxline: + raise Error("got more than %d bytes" % self.maxline) if not buf: break if buf[-2:] != B_CRLF: if buf[-1] in B_CRLF: buf = buf[:-1] diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py index 71bc23e..79a4ec7 100644 --- a/Lib/test/test_ftplib.py +++ b/Lib/test/test_ftplib.py @@ -70,6 +70,7 @@ class DummyFTPHandler(asynchat.async_chat): self.last_received_data = '' self.next_response = '' self.rest = None + self.next_retr_data = RETR_DATA self.push('220 welcome') def collect_incoming_data(self, data): @@ -199,7 +200,7 @@ class DummyFTPHandler(asynchat.async_chat): offset = int(self.rest) else: offset = 0 - self.dtp.push(RETR_DATA[offset:]) + self.dtp.push(self.next_retr_data[offset:]) self.dtp.close_when_done() self.rest = None @@ -213,6 +214,11 @@ class DummyFTPHandler(asynchat.async_chat): self.dtp.push(NLST_DATA) self.dtp.close_when_done() + def cmd_setlongretr(self, arg): + # For testing. Next RETR will return long line. + self.next_retr_data = 'x' * int(arg) + self.push('125 setlongretr ok') + class DummyFTPServer(asyncore.dispatcher, threading.Thread): @@ -628,6 +634,20 @@ class TestFTPClass(TestCase): self.assertEqual(ftplib.parse257('257 "/foo/b""ar"'), '/foo/b"ar') self.assertEqual(ftplib.parse257('257 "/foo/b""ar" created'), '/foo/b"ar') + def test_line_too_long(self): + self.assertRaises(ftplib.Error, self.client.sendcmd, + 'x' * self.client.maxline * 2) + + def test_retrlines_too_long(self): + self.client.sendcmd('SETLONGRETR %d' % (self.client.maxline * 2)) + received = [] + self.assertRaises(ftplib.Error, + self.client.retrlines, 'retr', received.append) + + def test_storlines_too_long(self): + f = io.BytesIO(b'x' * self.client.maxline * 2) + self.assertRaises(ftplib.Error, self.client.storlines, 'stor', f) + class TestIPv6Environment(TestCase): @@ -10,6 +10,10 @@ What's New in Python 3.2.6? Library ------- +- Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by + limiting the call to readline(). Original patch by Michał + Jastrzębski and Giampaolo Rodola. + - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Adapted from patch by Jyrki Pulliainen. |