authorBarry Warsaw <barry@python.org>2013-09-30 23:09:29 (GMT)
committerBarry Warsaw <barry@python.org>2013-09-30 23:09:29 (GMT)
commitd5849f545e0de0b4576cbc7b856adc9b0c7e1be8 (patch)
tree4e44b6688a9ff2d374cf0c35974cea64ec420c4a /Lib/nntplib.py
parentc038c41dc48d269acec286ea07e1352545f6ebdb (diff)
parent42faa55124abcbb132c57745dec9e0489ac74406 (diff)
- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen.
Diffstat (limited to 'Lib/nntplib.py')
-rw-r--r--Lib/nntplib.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/Lib/nntplib.py b/Lib/nntplib.py
index 2dc82a9..56e41a3 100644
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -37,6 +37,13 @@ __all__ = ["NNTP","NNTPReplyError","NNTPTemporaryError",
"error_reply","error_temp","error_perm","error_proto",
"error_data",]
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
+
# Exceptions raised when an error or invalid response is received
class NNTPError(Exception):
"""Base class for all nntplib exceptions"""
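Review bot: The comment above `_MAXLINE` overstates what RFC 3977 limits: as far as I recall, the 512-octet limit covers command lines and the initial response line, not the lines inside a multi-line data block. If `getline()` is also the read path for article bodies or overview data (not visible in this diff), a legitimate line longer than 2048 bytes will now raise instead of being returned, and the comment should say that this is an accepted trade-off. Suggested wording: `# Maximal line length when calling readline(), to keep a server from making us buffer an arbitrarily long line. RFC 3977 limits command and initial response lines to 512 octets including CRLF; 2048 leaves headroom.` This also fixes the "lenght" typo.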
@@ -200,7 +207,9 @@ class NNTP:
def getline(self):
"""Internal: return one line from the server, stripping CRLF.
Raise EOFError if the connection is closed."""
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise NNTPDataError('line too long')
if self.debugging > 1:
print '*get*', repr(line)
if not line: raise EOFError
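Review bot: The docstring of `getline()` still names only EOFError although the new check raises `NNTPDataError('line too long')`; add `Raise NNTPDataError if the line is longer than _MAXLINE.` to it. After that exception the unread tail of the oversized line is still pending on `self.file`, so a caller that catches the error and keeps using the connection would read the tail as if it were the next response line. A comment at the raise, such as `# the rest of the line is left unread; the connection must not be reused`, would make that contract explicit. The cap bounds a single line only, so the number of lines accepted in a multi-line response is not limited by this change. The body of `getline()` continues past the end of the hunk.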