- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much member. Patch by Jyrki
Pulliainen.
diff --git a/Lib/poplib.py b/Lib/poplib.py
index e2b33ef..3283eb6 100644
--- a/Lib/poplib.py
+++ b/Lib/poplib.py
@@ -32,6 +32,12 @@
LF = '\n'
CRLF = CR+LF
+# maximal line length when calling readline(). This is to prevent
+# reading arbitrary lenght lines. RFC 1939 limits POP3 line length to
+# 512 characters, including CRLF. We have selected 2048 just to be on
+# the safe side.
+_MAXLINE = 2048
+
class POP3:
@@ -103,7 +109,10 @@
# Raise error_proto('-ERR EOF') if the connection is closed.
def _getline(self):
- line = self.file.readline()
+ line = self.file.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise error_proto('line too long')
+
if self._debugging > 1: print '*get*', repr(line)
if not line: raise error_proto('-ERR EOF')
octets = len(line)
@@ -363,7 +372,10 @@
line = ""
renewline = re.compile(r'.*?\n')
match = renewline.match(self.buffer)
+
while not match:
+ if len(self.buffer) > _MAXLINE:
+ raise error_proto('line too long')
self._fillBuffer()
match = renewline.match(self.buffer)
line = match.group(0)