- Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
with test fixes by Serhiy Storchaka.
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 22decb2..a3c6475 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -54,6 +54,8 @@
# The standard FTP server control port
FTP_PORT = 21
+# The sizehint parameter passed to readline() calls
+MAXLINE = 8192
# Exception raised when an error or invalid response is received
@@ -100,6 +102,7 @@
debugging = 0
host = ''
port = FTP_PORT
+ maxline = MAXLINE
sock = None
file = None
welcome = None
@@ -179,7 +182,9 @@
# Internal: return one line from the server, stripping CRLF.
# Raise EOFError if the connection is closed
def getline(self):
- line = self.file.readline()
+ line = self.file.readline(self.maxline + 1)
+ if len(line) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
if self.debugging > 1:
print '*get*', self.sanitize(line)
if not line: raise EOFError
@@ -421,7 +426,9 @@
conn = self.transfercmd(cmd)
fp = conn.makefile('rb')
while 1:
- line = fp.readline()
+ line = fp.readline(self.maxline + 1)
+ if len(line) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
if self.debugging > 2: print '*retr*', repr(line)
if not line:
break
@@ -473,7 +480,9 @@
self.voidcmd('TYPE A')
conn = self.transfercmd(cmd)
while 1:
- buf = fp.readline()
+ buf = fp.readline(self.maxline + 1)
+ if len(buf) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
if not buf: break
if buf[-2:] != CRLF:
if buf[-1] in CRLF: buf = buf[:-1]