|
 |
925e6b |
|
|
|
925e6b |
# HG changeset patch
|
|
|
925e6b |
# User Benjamin Peterson <benjamin@python.org>
|
|
|
925e6b |
# Date 1417827918 18000
|
|
|
925e6b |
# Node ID 923aac88a3cc76a95d5a04d9d3ece245147a8064
|
|
|
925e6b |
# Parent 339f877cca115c1901f5dd93d7bc066031d2a669
|
|
|
925e6b |
smtplib: limit amount read from the network (closes #16042)
|
|
|
925e6b |
|
|
|
925e6b |
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
|
|
|
925e6b |
--- a/Lib/smtplib.py
|
|
|
925e6b |
+++ b/Lib/smtplib.py
|
|
|
925e6b |
@@ -57,6 +57,7 @@ from sys import stderr
|
|
|
925e6b |
SMTP_PORT = 25
|
|
|
925e6b |
SMTP_SSL_PORT = 465
|
|
|
925e6b |
CRLF = "\r\n"
|
|
|
925e6b |
+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
|
|
|
925e6b |
|
|
|
925e6b |
OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
|
|
|
925e6b |
|
|
|
925e6b |
@@ -179,10 +180,14 @@ else:
|
|
|
925e6b |
def __init__(self, sslobj):
|
|
|
925e6b |
self.sslobj = sslobj
|
|
|
925e6b |
|
|
|
925e6b |
- def readline(self):
|
|
|
925e6b |
+ def readline(self, size=-1):
|
|
|
925e6b |
+ if size < 0:
|
|
|
925e6b |
+ size = None
|
|
|
925e6b |
str = ""
|
|
|
925e6b |
chr = None
|
|
|
925e6b |
while chr != "\n":
|
|
|
925e6b |
+ if size is not None and len(str) >= size:
|
|
|
925e6b |
+ break
|
|
|
925e6b |
chr = self.sslobj.read(1)
|
|
|
925e6b |
if not chr:
|
|
|
925e6b |
break
|
|
|
925e6b |
@@ -353,7 +358,7 @@ class SMTP:
|
|
|
925e6b |
self.file = self.sock.makefile('rb')
|
|
|
925e6b |
while 1:
|
|
|
925e6b |
try:
|
|
|
925e6b |
- line = self.file.readline()
|
|
|
925e6b |
+ line = self.file.readline(_MAXLINE + 1)
|
|
|
925e6b |
except socket.error as e:
|
|
|
925e6b |
self.close()
|
|
|
925e6b |
raise SMTPServerDisconnected("Connection unexpectedly closed: "
|
|
|
925e6b |
@@ -363,6 +368,8 @@ class SMTP:
|
|
|
925e6b |
raise SMTPServerDisconnected("Connection unexpectedly closed")
|
|
|
925e6b |
if self.debuglevel > 0:
|
|
|
925e6b |
print>>stderr, 'reply:', repr(line)
|
|
|
925e6b |
+ if len(line) > _MAXLINE:
|
|
|
925e6b |
+ raise SMTPResponseException(500, "Line too long.")
|
|
|
925e6b |
resp.append(line[4:].strip())
|
|
|
925e6b |
code = line[:3]
|
|
|
925e6b |
# Check that the error code is syntactically correct.
|
|
|
925e6b |
diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py
|
|
|
925e6b |
--- a/Lib/test/test_smtplib.py
|
|
|
925e6b |
+++ b/Lib/test/test_smtplib.py
|
|
|
925e6b |
@@ -292,6 +292,33 @@ class BadHELOServerTests(unittest.TestCa
|
|
|
925e6b |
HOST, self.port, 'localhost', 3)
|
|
|
925e6b |
|
|
|
925e6b |
|
|
|
925e6b |
+@unittest.skipUnless(threading, 'Threading required for this test.')
|
|
|
925e6b |
+class TooLongLineTests(unittest.TestCase):
|
|
|
925e6b |
+ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
|
|
|
925e6b |
+
|
|
|
925e6b |
+ def setUp(self):
|
|
|
925e6b |
+ self.old_stdout = sys.stdout
|
|
|
925e6b |
+ self.output = StringIO.StringIO()
|
|
|
925e6b |
+ sys.stdout = self.output
|
|
|
925e6b |
+
|
|
|
925e6b |
+ self.evt = threading.Event()
|
|
|
925e6b |
+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
|
925e6b |
+ self.sock.settimeout(15)
|
|
|
925e6b |
+ self.port = test_support.bind_port(self.sock)
|
|
|
925e6b |
+ servargs = (self.evt, self.respdata, self.sock)
|
|
|
925e6b |
+ threading.Thread(target=server, args=servargs).start()
|
|
|
925e6b |
+ self.evt.wait()
|
|
|
925e6b |
+ self.evt.clear()
|
|
|
925e6b |
+
|
|
|
925e6b |
+ def tearDown(self):
|
|
|
925e6b |
+ self.evt.wait()
|
|
|
925e6b |
+ sys.stdout = self.old_stdout
|
|
|
925e6b |
+
|
|
|
925e6b |
+ def testLineTooLong(self):
|
|
|
925e6b |
+ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
|
|
|
925e6b |
+ HOST, self.port, 'localhost', 3)
|
|
|
925e6b |
+
|
|
|
925e6b |
+
|
|
|
925e6b |
sim_users = {'Mr.A@somewhere.com':'John A',
|
|
|
925e6b |
'Ms.B@somewhere.com':'Sally B',
|
|
|
925e6b |
'Mrs.C@somewhereesle.com':'Ruth C',
|
|
|
925e6b |
@@ -526,7 +553,8 @@ class SMTPSimTests(unittest.TestCase):
|
|
|
925e6b |
def test_main(verbose=None):
|
|
|
925e6b |
test_support.run_unittest(GeneralTests, DebuggingServerTests,
|
|
|
925e6b |
NonConnectingTests,
|
|
|
925e6b |
- BadHELOServerTests, SMTPSimTests)
|
|
|
925e6b |
+ BadHELOServerTests, SMTPSimTests,
|
|
|
925e6b |
+ TooLongLineTests)
|
|
|
925e6b |
|
|
|
925e6b |
if __name__ == '__main__':
|
|
|
925e6b |
test_main()
|