diff options
| -rw-r--r-- | Lib/nntplib.py | 11 | ||||
| -rw-r--r-- | Lib/test/test_nntplib.py | 10 | ||||
| -rw-r--r-- | Misc/NEWS | 4 |
3 files changed, 24 insertions, 1 deletions
diff --git a/Lib/nntplib.py b/Lib/nntplib.py index 32bffd8..0d4bbbb 100644 --- a/Lib/nntplib.py +++ b/Lib/nntplib.py @@ -85,6 +85,13 @@ __all__ = ["NNTP", "decode_header", ] +# maximal line length when calling readline(). This is to prevent +# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to +# 512 characters, including CRLF. We have selected 2048 just to be on +# the safe side. +_MAXLINE = 2048 + + # Exceptions raised when an error or invalid response is received class NNTPError(Exception): """Base class for all nntplib exceptions""" @@ -410,7 +417,9 @@ class _NNTPBase: """Internal: return one line from the server, stripping _CRLF. Raise EOFError if the connection is closed. Returns a bytes object.""" - line = self.file.readline() + line = self.file.readline(_MAXLINE +1) + if len(line) > _MAXLINE: + raise NNTPDataError('line too long') if self.debugging > 1: print('*get*', repr(line)) if not line: raise EOFError diff --git a/Lib/test/test_nntplib.py b/Lib/test/test_nntplib.py index 7335b23..0875f71 100644 --- a/Lib/test/test_nntplib.py +++ b/Lib/test/test_nntplib.py @@ -563,6 +563,11 @@ class NNTPv1Handler: <a4929a40-6328-491a-aaaf-cb79ed7309a2@q2g2000vbk.googlegroups.com> <f30c0419-f549-4218-848f-d7d0131da931@y3g2000vbm.googlegroups.com> .""") + elif (group == 'comp.lang.python' and + date_str in ('20100101', '100101') and + time_str == '090000'): + self.push_lit('too long line' * 3000 + + '\n.') else: self.push_lit("""\ 230 An empty list of newsarticles follows @@ -1158,6 +1163,11 @@ class NNTPv1v2TestsMixin: self.assertEqual(cm.exception.response, "435 Article not wanted") + def test_too_long_lines(self): + dt = datetime.datetime(2010, 1, 1, 9, 0, 0) + self.assertRaises(nntplib.NNTPDataError, + self.server.newnews, "comp.lang.python", dt) + class NNTPv1Tests(NNTPv1v2TestsMixin, MockedNNTPTestsMixin, unittest.TestCase): """Tests an NNTP v1 server (no capabilities).""" @@ -16,6 +16,10 @@ Core and Builtins Library ------- +- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to + prevent readline() calls from consuming too much memory. Patch by Jyrki + Pulliainen. + - Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind. |