diff options
| author | Georg Brandl <georg@python.org> | 2013-10-27 06:29:47 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2013-10-27 06:29:47 (GMT) |
| commit | 28e78414f9175774f26d8c564c7c1d3b078f99de (patch) | |
| tree | c7d39909d04b0b9f313083b4c8e9da197662c397 /Lib/test/test_nntplib.py | |
| parent | 7e27abbb3936e9a7baea13ceeac6abd256bc0d6f (diff) | |
| download | cpython-28e78414f9175774f26d8c564c7c1d3b078f99de.zip cpython-28e78414f9175774f26d8c564c7c1d3b078f99de.tar.gz cpython-28e78414f9175774f26d8c564c7c1d3b078f99de.tar.bz2 | |
Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
Diffstat (limited to 'Lib/test/test_nntplib.py')
| -rw-r--r-- | Lib/test/test_nntplib.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Lib/test/test_nntplib.py b/Lib/test/test_nntplib.py index 19fb10a..5ab87c4 100644 --- a/Lib/test/test_nntplib.py +++ b/Lib/test/test_nntplib.py @@ -584,6 +584,11 @@ class NNTPv1Handler: <a4929a40-6328-491a-aaaf-cb79ed7309a2@q2g2000vbk.googlegroups.com> <f30c0419-f549-4218-848f-d7d0131da931@y3g2000vbm.googlegroups.com> .""") + elif (group == 'comp.lang.python' and + date_str in ('20100101', '100101') and + time_str == '090000'): + self.push_lit('too long line' * 3000 + + '\n.') else: self.push_lit("""\ 230 An empty list of newsarticles follows @@ -1179,6 +1184,11 @@ class NNTPv1v2TestsMixin: self.assertEqual(cm.exception.response, "435 Article not wanted") + def test_too_long_lines(self): + dt = datetime.datetime(2010, 1, 1, 9, 0, 0) + self.assertRaises(nntplib.NNTPDataError, + self.server.newnews, "comp.lang.python", dt) + class NNTPv1Tests(NNTPv1v2TestsMixin, MockedNNTPTestsMixin, unittest.TestCase): """Tests an NNTP v1 server (no capabilities).""" |