[Python-checkins] cpython (3.3): Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
georg.brandl
python-checkins at python.org
Sun Oct 27 07:38:50 CET 2013
http://hg.python.org/cpython/rev/fc88bd80d925
changeset: 86678:fc88bd80d925
branch: 3.3
user: Georg Brandl <georg at python.org>
date: Sun Oct 27 07:29:47 2013 +0100
summary:
Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
files:
Lib/nntplib.py | 11 ++++++++++-
Lib/test/test_nntplib.py | 10 ++++++++++
Misc/NEWS | 4 ++++
3 files changed, 24 insertions(+), 1 deletions(-)
diff --git a/Lib/nntplib.py b/Lib/nntplib.py
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -85,6 +85,13 @@
"decode_header",
]
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
+
# Exceptions raised when an error or invalid response is received
class NNTPError(Exception):
"""Base class for all nntplib exceptions"""
@@ -424,7 +431,9 @@
"""Internal: return one line from the server, stripping _CRLF.
Raise EOFError if the connection is closed.
Returns a bytes object."""
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE +1)
+ if len(line) > _MAXLINE:
+ raise NNTPDataError('line too long')
if self.debugging > 1:
print('*get*', repr(line))
if not line: raise EOFError
diff --git a/Lib/test/test_nntplib.py b/Lib/test/test_nntplib.py
--- a/Lib/test/test_nntplib.py
+++ b/Lib/test/test_nntplib.py
@@ -584,6 +584,11 @@
<a4929a40-6328-491a-aaaf-cb79ed7309a2 at q2g2000vbk.googlegroups.com>
<f30c0419-f549-4218-848f-d7d0131da931 at y3g2000vbm.googlegroups.com>
.""")
+ elif (group == 'comp.lang.python' and
+ date_str in ('20100101', '100101') and
+ time_str == '090000'):
+ self.push_lit('too long line' * 3000 +
+ '\n.')
else:
self.push_lit("""\
230 An empty list of newsarticles follows
@@ -1179,6 +1184,11 @@
self.assertEqual(cm.exception.response,
"435 Article not wanted")
+ def test_too_long_lines(self):
+ dt = datetime.datetime(2010, 1, 1, 9, 0, 0)
+ self.assertRaises(nntplib.NNTPDataError,
+ self.server.newnews, "comp.lang.python", dt)
+
class NNTPv1Tests(NNTPv1v2TestsMixin, MockedNNTPTestsMixin, unittest.TestCase):
"""Tests an NNTP v1 server (no capabilities)."""
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,10 @@
Library
-------
+- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
+ prevent readline() calls from consuming too much memory. Patch by Jyrki
+ Pulliainen.
+
- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list