diff options
| author | Georg Brandl <georg@python.org> | 2013-10-27 06:46:09 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2013-10-27 06:46:09 (GMT) |
| commit | b89b5df9c9aa2e45bfffa95f5e3deb6234232c93 (patch) | |
| tree | fd9bfa96b2e5cbc69acc235dd15dd682c10fc00e /Lib/nntplib.py | |
| parent | 68457be619b919127d0858322ce84e901fd89728 (diff) | |
| parent | 045ee06ae91a1503a8d512929c54e16deabfe9a8 (diff) | |
| download | cpython-b89b5df9c9aa2e45bfffa95f5e3deb6234232c93.zip cpython-b89b5df9c9aa2e45bfffa95f5e3deb6234232c93.tar.gz cpython-b89b5df9c9aa2e45bfffa95f5e3deb6234232c93.tar.bz2 | |
merge with 3.3
Diffstat (limited to 'Lib/nntplib.py')
| -rw-r--r-- | Lib/nntplib.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/Lib/nntplib.py b/Lib/nntplib.py index 01d4303..9766be3 100644 --- a/Lib/nntplib.py +++ b/Lib/nntplib.py @@ -85,6 +85,13 @@ __all__ = ["NNTP", "decode_header", ] +# maximal line length when calling readline(). This is to prevent +# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to +# 512 characters, including CRLF. We have selected 2048 just to be on +# the safe side. +_MAXLINE = 2048 + + # Exceptions raised when an error or invalid response is received class NNTPError(Exception): """Base class for all nntplib exceptions""" @@ -424,7 +431,9 @@ class _NNTPBase: """Internal: return one line from the server, stripping _CRLF. Raise EOFError if the connection is closed. Returns a bytes object.""" - line = self.file.readline() + line = self.file.readline(_MAXLINE +1) + if len(line) > _MAXLINE: + raise NNTPDataError('line too long') if self.debugging > 1: print('*get*', repr(line)) if not line: raise EOFError |