diff options
| author | Georg Brandl <georg@python.org> | 2014-01-25 08:02:18 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2014-01-25 08:02:18 (GMT) |
| commit | c11435399e7af8317e5a51642ee665347da2b97f (patch) | |
| tree | 45a63ff03df5fda7b9e3c697331165ea5b22bbc0 /Lib/test | |
| parent | f580d5b6f7468abf768a2ee6360168ad92893457 (diff) | |
| download | cpython-c11435399e7af8317e5a51642ee665347da2b97f.zip cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.gz cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.bz2 | |
#16042: CVE-2013-1752: smtplib fix for unlimited readline() from socket
Diffstat (limited to 'Lib/test')
| -rw-r--r-- | Lib/test/mock_socket.py | 9 | ||||
| -rw-r--r-- | Lib/test/test_smtplib.py | 30 |
2 files changed, 36 insertions, 3 deletions
diff --git a/Lib/test/mock_socket.py b/Lib/test/mock_socket.py index d09e78c..861bfb2 100644 --- a/Lib/test/mock_socket.py +++ b/Lib/test/mock_socket.py @@ -21,8 +21,13 @@ class MockFile: """ def __init__(self, lines): self.lines = lines - def readline(self): - return self.lines.pop(0) + b'\r\n' + def readline(self, limit=-1): + result = self.lines.pop(0) + b'\r\n' + if limit >= 0: + # Re-insert the line, removing the \r\n we added. + self.lines.insert(0, result[limit:-2]) + result = result[:limit] + return result def close(self): pass diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py index 8d1dbbf..d798068 100644 --- a/Lib/test/test_smtplib.py +++ b/Lib/test/test_smtplib.py @@ -569,6 +569,33 @@ class BadHELOServerTests(unittest.TestCase): HOST, self.port, 'localhost', 3) +@unittest.skipUnless(threading, 'Threading required for this test.') +class TooLongLineTests(unittest.TestCase): + respdata = b'250 OK' + (b'.' * smtplib._MAXLINE * 2) + b'\n' + + def setUp(self): + self.old_stdout = sys.stdout + self.output = io.StringIO() + sys.stdout = self.output + + self.evt = threading.Event() + self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.sock.settimeout(15) + self.port = support.bind_port(self.sock) + servargs = (self.evt, self.respdata, self.sock) + threading.Thread(target=server, args=servargs).start() + self.evt.wait() + self.evt.clear() + + def tearDown(self): + self.evt.wait() + sys.stdout = self.old_stdout + + def testLineTooLong(self): + self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP, + HOST, self.port, 'localhost', 3) + + sim_users = {'Mr.A@somewhere.com':'John A', 'Ms.B@xn--fo-fka.com':'Sally B', 'Mrs.C@somewhereesle.com':'Ruth C', @@ -885,7 +912,8 @@ class SMTPSimTests(unittest.TestCase): def test_main(verbose=None): support.run_unittest(GeneralTests, DebuggingServerTests, NonConnectingTests, - BadHELOServerTests, SMTPSimTests) + BadHELOServerTests, SMTPSimTests, + TooLongLineTests) if __name__ == '__main__': test_main() |