bpo-16039: CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline() (GH-11120)

bpo-16039: CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline() (GH-11120) · python/cpython@16d6320

3 files changed

lines changed

Original file line number	Diff line number	Diff line change
`@@ -1182,16 +1182,6 @@ def open(self, host = '', port = IMAP4_SSL_PORT):`
`1182`	`1182`	`self.file = self.sslobj.makefile('rb')`
`1183`	`1183`
`1184`	`1184`
`1185`		`-def read(self, size):`
`1186`		`-"""Read 'size' bytes from remote."""`
`1187`		`-return self.file.read(size)`
`1188`		`-`
`1189`		`-`
`1190`		`-def readline(self):`
`1191`		`-"""Read line from remote."""`
`1192`		`-return self.file.readline()`
`1193`		`-`
`1194`		`-`
`1195`	`1185`	`def send(self, data):`
`1196`	`1186`	`"""Send data to remote."""`
`1197`	`1187`	`bytes = len(data)`

Original file line number	Diff line number	Diff line change
`@@ -166,14 +166,18 @@ def handle(self):`
`166`	`166`
`167`	`167`
`168`	`168`	`def test_linetoolong(self):`
	`169`	`+maxline = 10`
	`170`	`+`
`169`	`171`	`class TooLongHandler(SimpleIMAPHandler):`
`170`	`172`	`def handle(self):`
`171`	`173`	`# Send a very long response line`
`172`		`-self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')`
	`174`	`+self.wfile.write('* OK ' + maxline * 'x' + '\r\n')`
`173`	`175`
`174`		`-with self.reaped_server(TooLongHandler) as server:`
`175`		`-self.assertRaises(imaplib.IMAP4.error,`
`176`		`-self.imap_class, *server.server_address)`
	`176`	`+with self.reaped_server(TooLongHandler) as server, \`
	`177`	`+support.swap_attr(imaplib, '_MAXLINE', maxline):`
	`178`	`+with self.assertRaisesRegexp(imaplib.IMAP4.error,`
	`179`	`+'got more than 10 bytes'):`
	`180`	`+self.imap_class(*server.server_address)`
`177`	`181`
`178`	`182`	`class ThreadedNetworkedTests(BaseThreadedNetworkedTests):`
`179`	`183`
`@@ -187,9 +191,6 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests):`
`187`	`191`	`server_class = SecureTCPServer`
`188`	`192`	`imap_class = IMAP4_SSL`
`189`	`193`
`190`		`-def test_linetoolong(self):`
`191`		`-raise unittest.SkipTest("test is not reliable on 2.7; see issue 20118")`
`192`		`-`
`193`	`194`
`194`	`195`	`class RemoteIMAPTest(unittest.TestCase):`
`195`	`196`	`host = 'cyrus.andrew.cmu.edu'`

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
	`2`	`+limit line length.`