commit | 503baf9ecd2cc5fb0bb85cec99c300862c02de85 | [log] [tgz] |
---|---|---|
author | Andrew Kuchling <amk@amk.ca> | Sun Sep 15 13:11:47 2013 -0400 |
committer | Andrew Kuchling <amk@amk.ca> | Sun Sep 15 13:11:47 2013 -0400 |
tree | 8817cfd798230c1c1ad0aa5d8c5a4ba2e6bc7f32 | |
parent | ed9884b2d0d5f1d4b1a8b252c4cd702095e0fc23 [diff] |
#16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline(). The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes.