- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
  prevent readline() calls from consuming too much memory.  Patch by Jyrki
  Pulliainen.
diff --git a/Lib/nntplib.py b/Lib/nntplib.py
index f519b06..f5e0d29 100644
--- a/Lib/nntplib.py
+++ b/Lib/nntplib.py
@@ -37,6 +37,13 @@
            "error_reply","error_temp","error_perm","error_proto",
            "error_data",]
 
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 3977 limits NNTP line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
+
 # Exceptions raised when an error or invalid response is received
 class NNTPError(Exception):
     """Base class for all nntplib exceptions"""
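Review bot: The comment above `_MAXLINE` overstates what RFC 3977 limits: as I read the RFC, the 512-octet cap covers command lines and the initial response line, while later lines of a multi-line response (article headers and bodies, overview data) have no stated limit. The second hunk applies the cap in `getline()`, so if that method also serves multi-line reads, a legitimate long data line would now raise. The comment should record that 2048 is a policy choice, e.g. `# RFC 3977 limits commands and initial response lines to 512 octets; data lines are not limited by the RFC, so 2048 is a local safety cap.` The same comment has a typo, `lenght` for `length`.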
@@ -200,7 +207,9 @@
     def getline(self):
         """Internal: return one line from the server, stripping CRLF.
         Raise EOFError if the connection is closed."""
-        line = self.file.readline()
+        line = self.file.readline(_MAXLINE + 1)
+        if len(line) > _MAXLINE:
+            raise NNTPDataError('line too long')
         if self.debugging > 1:
             print '*get*', repr(line)
         if not line: raise EOFError
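Review bot: After `raise NNTPDataError('line too long')` the unread tail of the oversized line is still buffered in `self.file`, so a caller that catches the error and keeps using the connection would parse that tail as the next response. The docstring should name the new exception and the state it leaves behind, e.g. `Raise NNTPDataError if the line exceeds _MAXLINE bytes; the connection is then out of sync and should be closed.` The cap is per line only, so any caller that collects a multi-line response (not visible in this hunk) can presumably still accumulate an unbounded number of lines. The body of `getline` continues past the end of the hunk.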