
Showing content from https://github.com/python/cpython/commit/b3ac84322fe6dd542aa755779cdbc155edca8064 below:

fix unlimited read from connection in nntplib. · python/cpython@b3ac843 · GitHub

File tree Expand file treeCollapse file tree 3 files changed

+24

-1

lines changed


@@ -85,6 +85,13 @@

85 85

"decode_header",

86 86

]

87 87 88 +

# maximal line length when calling readline(). This is to prevent

89 +

# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to

90 +

# 512 characters, including CRLF. We have selected 2048 just to be on

91 +

# the safe side.

92 +

_MAXLINE = 2048

93 + 94 + 88 95

# Exceptions raised when an error or invalid response is received

89 96

class NNTPError(Exception):

90 97

"""Base class for all nntplib exceptions"""

@@ -410,7 +417,9 @@ def _getline(self, strip_crlf=True):

410 417

"""Internal: return one line from the server, stripping _CRLF.

411 418

Raise EOFError if the connection is closed.

412 419

Returns a bytes object."""

413 -

line = self.file.readline()

420 +

line = self.file.readline(_MAXLINE +1)

421 +

if len(line) > _MAXLINE:

422 +

raise NNTPDataError('line too long')

414 423

if self.debugging > 1:

415 424

print('*get*', repr(line))

416 425

if not line: raise EOFError
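Review bot: When the new check in `_getline` raises `NNTPDataError('line too long')`, only `_MAXLINE + 1` bytes of the offending line have been consumed, so the rest of that line is still unread and the stream is no longer at a line boundary. The docstring should say so, for example `Raise NNTPDataError if the line is longer than _MAXLINE; the connection must not be reused afterwards.`, because a caller that catches the error and sends another command would read the leftover tail as its response. The limit also bounds one line only; the code that collects multi-line responses is outside this hunk and presumably still grows with the number of lines the server sends, so total memory per response may remain unbounded. Minor: `lenght` in the new comment should be `length`, and `_MAXLINE +1` should be written `_MAXLINE + 1`. The body of `_getline` continues past the end of the hunk.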


@@ -563,6 +563,11 @@ def handle_NEWNEWS(self, group, date_str, time_str):

563 563

<a4929a40-6328-491a-aaaf-cb79ed7309a2@q2g2000vbk.googlegroups.com>

564 564

<f30c0419-f549-4218-848f-d7d0131da931@y3g2000vbm.googlegroups.com>

565 565

.""")

566 +

elif (group == 'comp.lang.python' and

567 +

date_str in ('20100101', '100101') and

568 +

time_str == '090000'):

569 +

self.push_lit('too long line' * 3000 +

570 +

'\n.')

566 571

else:

567 572

self.push_lit("""\

568 573

230 An empty list of newsarticles follows

@@ -1158,6 +1163,11 @@ def test_ihave(self):

1158 1163

self.assertEqual(cm.exception.response,

1159 1164

"435 Article not wanted")

1160 1165 1166 +

def test_too_long_lines(self):

1167 +

dt = datetime.datetime(2010, 1, 1, 9, 0, 0)

1168 +

self.assertRaises(nntplib.NNTPDataError,

1169 +

self.server.newnews, "comp.lang.python", dt)

1170 + 1161 1171 1162 1172

class NNTPv1Tests(NNTPv1v2TestsMixin, MockedNNTPTestsMixin, unittest.TestCase):

1163 1173

"""Tests an NNTP v1 server (no capabilities)."""
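Review bot: The new `handle_NEWNEWS` branch pushes the over-long text as the very first line of the reply, so `test_too_long_lines` only covers the status-line read; an over-long line inside the data block after a valid `230` line is not exercised. The payload is also far over the limit (`'too long line' * 3000`), which leaves the boundary of `len(line) > _MAXLINE` unpinned: a line of exactly `_MAXLINE` bytes including its line ending should be accepted and one of `_MAXLINE + 1` rejected. I would add a mock branch for each of these cases and a short comment on the test such as `# CVE-2013-1752: the client must refuse lines longer than nntplib._MAXLINE`. Both `handle_NEWNEWS` and the enclosing test class start outside the visible hunks.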


@@ -16,6 +16,10 @@ Core and Builtins

16 16

Library

17 17

-------

18 18 19 +

- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to

20 +

prevent readline() calls from consuming too much memory. Patch by Jyrki

21 +

Pulliainen.

22 + 19 23

- Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit

20 24

line length. Patch by Emil Lind.

21 25
