commit c30b178cbc92e62c22527cd7e1af2f02723ba679
author Serhiy Storchaka <storchaka@gmail.com> Sun Oct 20 16:58:27 2013 +0300
committer Serhiy Storchaka <storchaka@gmail.com> Sun Oct 20 16:58:27 2013 +0300
tree 2a9c2b991a9dc2b2814c4a52e4672a2d6bf5d751
parent 0abb21884c422d23013ebd0cbd2c37c09d4ea0c5

Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.

Lib/ftplib.py

diff --git a/Lib/ftplib.py b/Lib/ftplib.py
index 741e647..5e75e6d 100644
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -49,6 +49,8 @@
 
 # The standard FTP server control port
 FTP_PORT = 21
+# The sizehint parameter passed to readline() calls
+MAXLINE = 8192
 
 
 # Exception raised when an error or invalid response is received
@@ -96,6 +98,7 @@
     debugging = 0
     host = ''
     port = FTP_PORT
+    maxline = MAXLINE
     sock = None
     file = None
     welcome = None
@@ -194,7 +197,9 @@
     # Internal: return one line from the server, stripping CRLF.
     # Raise EOFError if the connection is closed
     def getline(self):
-        line = self.file.readline()
+        line = self.file.readline(self.maxline + 1)
+        if len(line) > self.maxline:
+            raise Error("got more than %d bytes" % self.maxline)
         if self.debugging > 1:
             print('*get*', self.sanitize(line))
         if not line: raise EOFError
@@ -446,7 +451,9 @@
         with self.transfercmd(cmd) as conn, \
                  conn.makefile('r', encoding=self.encoding) as fp:
             while 1:
-                line = fp.readline()
+                line = fp.readline(self.maxline + 1)
+                if len(line) > self.maxline:
+                    raise Error("got more than %d bytes" % self.maxline)
                 if self.debugging > 2: print('*retr*', repr(line))
                 if not line:
                     break
@@ -496,7 +503,9 @@
         self.voidcmd('TYPE A')
         with self.transfercmd(cmd) as conn:
             while 1:
-                buf = fp.readline()
+                buf = fp.readline(self.maxline + 1)
+                if len(buf) > self.maxline:
+                    raise Error("got more than %d bytes" % self.maxline)
                 if not buf: break
                 if buf[-2:] != B_CRLF:
                     if buf[-1] in B_CRLF: buf = buf[:-1]
@@ -773,7 +782,9 @@
             fp = conn.makefile('r', encoding=self.encoding)
             with fp, conn:
                 while 1:
-                    line = fp.readline()
+                    line = fp.readline(self.maxline + 1)
+                    if len(line) > self.maxline:
+                        raise Error("got more than %d bytes" % self.maxline)
                     if self.debugging > 2: print('*retr*', repr(line))
                     if not line:
                         break
@@ -804,7 +815,9 @@
             self.voidcmd('TYPE A')
             with self.transfercmd(cmd) as conn:
                 while 1:
-                    buf = fp.readline()
+                    buf = fp.readline(self.maxline + 1)
+                    if len(buf) > self.maxline:
+                        raise Error("got more than %d bytes" % self.maxline)
                     if not buf: break
                     if buf[-2:] != B_CRLF:
                         if buf[-1] in B_CRLF: buf = buf[:-1]