#16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline().
The SSLFakeFile.readline() method needs to support limiting readline() as
well. It's not a full emulation of readline()'s signature, but this class
is only used by smtplib's code, so it doesn't have to be.
Modified version of original patch by Christian Heimes.
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 41a3c97..a8a7884 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -57,6 +57,7 @@
SMTP_PORT = 25
SMTP_SSL_PORT = 465
CRLF="\r\n"
+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
@@ -170,10 +171,14 @@
def __init__(self, sslobj):
self.sslobj = sslobj
- def readline(self):
+ def readline(self, size=-1):
+ if size < 0:
+ size = None
str = ""
chr = None
while chr != "\n":
+ if size is not None and len(str) >= size:
+ break
chr = self.sslobj.read(1)
if not chr: break
str += chr
@@ -334,11 +339,13 @@
if self.file is None:
self.file = self.sock.makefile('rb')
while 1:
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
if line == '':
self.close()
raise SMTPServerDisconnected("Connection unexpectedly closed")
- if self.debuglevel > 0: print>>stderr, 'reply:', repr(line)
+ if self.debuglevel > 0: print >>stderr, 'reply:', repr(line)
+ if len(line) > _MAXLINE:
+ raise SMTPResponseException(500, "Line too long.")
resp.append(line[4:].strip())
code=line[:3]
# Check that the error code is syntactically correct.