diff options
| author | Georg Brandl <georg@python.org> | 2014-09-30 14:00:09 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2014-09-30 14:00:09 (GMT) |
| commit | fd9262cf2a044f6909530cdb565f38e13ff98263 (patch) | |
| tree | b8224d9c5325d802b7b1506121c4c7bcce1718b2 | |
| parent | 0840b415829f7fab8db48e1b38bbbfc7da2df8c0 (diff) | |
| download | cpython-fd9262cf2a044f6909530cdb565f38e13ff98263.zip cpython-fd9262cf2a044f6909530cdb565f38e13ff98263.tar.gz cpython-fd9262cf2a044f6909530cdb565f38e13ff98263.tar.bz2 | |
Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
line length. Patch by Emil Lind.
| -rw-r--r-- | Lib/imaplib.py | 14 | ||||
| -rw-r--r-- | Lib/test/test_imaplib.py | 11 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 27 insertions, 1 deletions
diff --git a/Lib/imaplib.py b/Lib/imaplib.py index e2a0581..9950761 100644 --- a/Lib/imaplib.py +++ b/Lib/imaplib.py @@ -42,6 +42,15 @@ IMAP4_PORT = 143 IMAP4_SSL_PORT = 993 AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first +# Maximal line length when calling readline(). This is to prevent +# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1) +# don't specify a line length. RFC 2683 however suggests limiting client +# command lines to 1000 octets and server command lines to 8000 octets. +# We have selected 10000 for some extra margin and since that is supposedly +# also what UW and Panda IMAP does. +_MAXLINE = 10000 + + # Commands Commands = { @@ -263,7 +272,10 @@ class IMAP4: def readline(self): """Read line from remote.""" - return self.file.readline() + line = self.file.readline(_MAXLINE + 1) + if len(line) > _MAXLINE: + raise self.error("got more than %d bytes" % _MAXLINE) + return line def send(self, data): diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py index 6b29943..62feea7 100644 --- a/Lib/test/test_imaplib.py +++ b/Lib/test/test_imaplib.py @@ -309,6 +309,17 @@ class BaseThreadedNetworkedTests(unittest.TestCase): self.assertEqual(ret, "OK") + def test_linetoolong(self): + class TooLongHandler(SimpleIMAPHandler): + def handle(self): + # Send a very long response line + self.wfile.write(b'* OK ' + imaplib._MAXLINE*b'x' + b'\r\n') + + with self.reaped_server(TooLongHandler) as server: + self.assertRaises(imaplib.IMAP4.error, + self.imap_class, *server.server_address) + + class ThreadedNetworkedTests(BaseThreadedNetworkedTests): server_class = socketserver.TCPServer @@ -10,6 +10,9 @@ What's New in Python 3.2.6? Library ------- +- Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit + line length. Patch by Emil Lind. + - Issue #22421: Fix a regression that caused the pydoc server to be bound to all interfaces instead of only localhost. |