#16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline().

The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes.
author: Andrew Kuchling <amk@amk.ca> 2013-09-15 17:11:47 (GMT)
committer: Andrew Kuchling <amk@amk.ca> 2013-09-15 17:11:47 (GMT)
commit: 503baf9ecd2cc5fb0bb85cec99c300862c02de85 (patch)
tree: 8817cfd798230c1c1ad0aa5d8c5a4ba2e6bc7f32 /Lib/test
parent: ed9884b2d0d5f1d4b1a8b252c4cd702095e0fc23 (diff)
download: cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.zip
cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.tar.gz
cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.tar.bz2
1 files changed, 28 insertions, 1 deletions
diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py
index 644cbf7..5b2cf54 100644
--- a/Lib/test/test_smtplib.py
+++ b/Lib/test/test_smtplib.py
@@ -273,6 +273,32 @@ class BadHELOServerTests(TestCase):
                             HOST, self.port, 'localhost', 3)
 
 
+class TooLongLineTests(TestCase):
+    respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
+
+    def setUp(self):
+        self.old_stdout = sys.stdout
+        self.output = StringIO.StringIO()
+        sys.stdout = self.output
+
+        self.evt = threading.Event()
+        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.sock.settimeout(15)
+        self.port = test_support.bind_port(self.sock)
+        servargs = (self.evt, self.respdata, self.sock)
+        threading.Thread(target=server, args=servargs).start()
+        self.evt.wait()
+        self.evt.clear()
+
+    def tearDown(self):
+        self.evt.wait()
+        sys.stdout = self.old_stdout
+
+    def testLineTooLong(self):
+        self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
+                          HOST, self.port, 'localhost', 3)
+
+
 sim_users = {'Mr.A@somewhere.com':'John A',
              'Ms.B@somewhere.com':'Sally B',
              'Mrs.C@somewhereesle.com':'Ruth C',
@@ -482,7 +508,8 @@ class SMTPSimTests(TestCase):
 def test_main(verbose=None):
     test_support.run_unittest(GeneralTests, DebuggingServerTests,
                               NonConnectingTests,
-                              BadHELOServerTests, SMTPSimTests)
+                              BadHELOServerTests, SMTPSimTests,
+                              TooLongLineTests)
 
 if __name__ == '__main__':
     test_main()
author	Andrew Kuchling <amk@amk.ca>	2013-09-15 17:11:47 (GMT)
committer	Andrew Kuchling <amk@amk.ca>	2013-09-15 17:11:47 (GMT)
commit	503baf9ecd2cc5fb0bb85cec99c300862c02de85 (patch)
tree	8817cfd798230c1c1ad0aa5d8c5a4ba2e6bc7f32 /Lib/test
parent	ed9884b2d0d5f1d4b1a8b252c4cd702095e0fc23 (diff)
download	cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.zip cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.tar.gz cpython-503baf9ecd2cc5fb0bb85cec99c300862c02de85.tar.bz2