|
 |
ae2451 |
|
|
|
ae2451 |
# HG changeset patch
|
|
|
ae2451 |
# User R David Murray <rdmurray@bitdance.com>
|
|
|
ae2451 |
# Date 1388775562 18000
|
|
|
ae2451 |
# Node ID dd906f4ab9237020a7a275c2d361fa288e553481
|
|
|
ae2451 |
# Parent 69b5f692455306c98aa27ecea17e6290787ebd3f
|
|
|
ae2451 |
closes 16039: CVE-2013-1752: limit line length in imaplib readline calls.
|
|
|
ae2451 |
|
|
|
ae2451 |
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
|
|
|
ae2451 |
--- a/Lib/imaplib.py
|
|
|
ae2451 |
+++ b/Lib/imaplib.py
|
|
|
ae2451 |
@@ -35,6 +35,15 @@ IMAP4_PORT = 143
|
|
|
ae2451 |
IMAP4_SSL_PORT = 993
|
|
|
ae2451 |
AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first
|
|
|
ae2451 |
|
|
|
ae2451 |
+# Maximal line length when calling readline(). This is to prevent
|
|
|
ae2451 |
+# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
|
|
|
ae2451 |
+# don't specify a line length. RFC 2683 however suggests limiting client
|
|
|
ae2451 |
+# command lines to 1000 octets and server command lines to 8000 octets.
|
|
|
ae2451 |
+# We have selected 10000 for some extra margin and since that is supposedly
|
|
|
ae2451 |
+# also what UW and Panda IMAP does.
|
|
|
ae2451 |
+_MAXLINE = 10000
|
|
|
ae2451 |
+
|
|
|
ae2451 |
+
|
|
|
ae2451 |
# Commands
|
|
|
ae2451 |
|
|
|
ae2451 |
Commands = {
|
|
|
ae2451 |
@@ -237,7 +246,10 @@ class IMAP4:
|
|
|
ae2451 |
|
|
|
ae2451 |
def readline(self):
|
|
|
ae2451 |
"""Read line from remote."""
|
|
|
ae2451 |
- return self.file.readline()
|
|
|
ae2451 |
+ line = self.file.readline(_MAXLINE + 1)
|
|
|
ae2451 |
+ if len(line) > _MAXLINE:
|
|
|
ae2451 |
+ raise self.error("got more than %d bytes" % _MAXLINE)
|
|
|
ae2451 |
+ return line
|
|
|
ae2451 |
|
|
|
ae2451 |
|
|
|
ae2451 |
def send(self, data):
|
|
|
ae2451 |
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
|
|
|
ae2451 |
--- a/Lib/test/test_imaplib.py
|
|
|
ae2451 |
+++ b/Lib/test/test_imaplib.py
|
|
|
ae2451 |
@@ -165,6 +165,16 @@ class BaseThreadedNetworkedTests(unittes
|
|
|
ae2451 |
self.imap_class, *server.server_address)
|
|
|
ae2451 |
|
|
|
ae2451 |
|
|
|
ae2451 |
+ def test_linetoolong(self):
|
|
|
ae2451 |
+ class TooLongHandler(SimpleIMAPHandler):
|
|
|
ae2451 |
+ def handle(self):
|
|
|
ae2451 |
+ # Send a very long response line
|
|
|
ae2451 |
+ self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')
|
|
|
ae2451 |
+
|
|
|
ae2451 |
+ with self.reaped_server(TooLongHandler) as server:
|
|
|
ae2451 |
+ self.assertRaises(imaplib.IMAP4.error,
|
|
|
ae2451 |
+ self.imap_class, *server.server_address)
|
|
|
ae2451 |
+
|
|
|
ae2451 |
class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
|
|
|
ae2451 |
|
|
|
ae2451 |
server_class = SocketServer.TCPServer
|