Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen.

commit: 28e78414f9175774f26d8c564c7c1d3b078f99de [log] [tgz]
author: Georg Brandl <georg@python.org> Sun Oct 27 07:29:47 2013 +0100
committer: Georg Brandl <georg@python.org> Sun Oct 27 07:29:47 2013 +0100
tree: c7d39909d04b0b9f313083b4c8e9da197662c397
parent: 7e27abbb3936e9a7baea13ceeac6abd256bc0d6f [diff] [blame]
diff --git a/Lib/test/test_nntplib.py b/Lib/test/test_nntplib.py
index 19fb10a..5ab87c4 100644
--- a/Lib/test/test_nntplib.py
+++ b/Lib/test/test_nntplib.py

@@ -584,6 +584,11 @@
                 <a4929a40-6328-491a-aaaf-cb79ed7309a2@q2g2000vbk.googlegroups.com>
                 <f30c0419-f549-4218-848f-d7d0131da931@y3g2000vbm.googlegroups.com>
                 .""")
+        elif (group == 'comp.lang.python' and
+              date_str in ('20100101', '100101') and
+              time_str == '090000'):
+            self.push_lit('too long line' * 3000 +
+                          '\n.')
         else:
             self.push_lit("""\
                 230 An empty list of newsarticles follows
@@ -1179,6 +1184,11 @@
         self.assertEqual(cm.exception.response,
                          "435 Article not wanted")
 
+    def test_too_long_lines(self):
+        dt = datetime.datetime(2010, 1, 1, 9, 0, 0)
+        self.assertRaises(nntplib.NNTPDataError,
+                          self.server.newnews, "comp.lang.python", dt)
+
 
 class NNTPv1Tests(NNTPv1v2TestsMixin, MockedNNTPTestsMixin, unittest.TestCase):
     """Tests an NNTP v1 server (no capabilities)."""
commit	28e78414f9175774f26d8c564c7c1d3b078f99de	[log] [tgz]
author	Georg Brandl <georg@python.org>	Sun Oct 27 07:29:47 2013 +0100
committer	Georg Brandl <georg@python.org>	Sun Oct 27 07:29:47 2013 +0100
tree	c7d39909d04b0b9f313083b4c8e9da197662c397
parent	7e27abbb3936e9a7baea13ceeac6abd256bc0d6f [diff] [blame]