author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 10:50:56 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 22:58:50 +0200 |
commit | 5671167d2495d3a6b1e662707ff6123315f478cc (patch) | |
tree | 2aef7abc18883de003f4b1a35d4e5b814f81920f /meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-poplib-fix.patch | |
parent | 34e5a4f013f8bd0158a984bf5ed5b10ca4c1a263 (diff) | |
download | poky-5671167d2495d3a6b1e662707ff6123315f478cc.tar.gz |
python: Backport CVE-2013-1752 fix from upstream
This back ported patch fixes CVE-2013-1752 for
ftplib,imaplib,nntplib and poplib
References:
http://bugs.python.org/issue16038
http://bugs.python.org/issue16039
http://bugs.python.org/issue16040
http://bugs.python.org/issue16041
https://access.redhat.com/security/cve/CVE-2013-1752
The ftplib, imaplib, nntplib and poplib modules don't limit the amount
of data read in their calls to readline().
The modules should be modified to use limited readline() with _MAXLINE.
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-poplib-fix.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-poplib-fix.patch | 90 |
1 files changed, 90 insertions, 0 deletions
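--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-poplib-fix.patch
@@ -0,0 +1,90 @@
+diff --git a/Lib/poplib.py b/Lib/poplib.py
+--- a/Lib/poplib.py
++++ b/Lib/poplib.py
+@@ -27,16 +27,22 @@ POP3_PORT = 110
+# POP SSL PORT
+POP3_SSL_PORT = 995
+
+# Line terminators (we always output CRLF, but accept any of CRLF, LFCR, LF)
+CR = '\r'
+LF = '\n'
+CRLF = CR+LF
+
++# maximal line length when calling readline(). This is to prevent
++# reading arbitrary length lines. RFC 1939 limits POP3 line length to
++# 512 characters, including CRLF. We have selected 2048 just to be on
++# the safe side.
++_MAXLINE = 2048
++
+
+class POP3:
+
+"""This class supports both the minimal and optional command sets.
+Arguments can be strings or integers (where appropriate)
+(e.g.: retr(1) and retr('1') both work equally well.
+
+Minimal Command Set:
+@@ -98,17 +104,19 @@ class POP3:
+self._putline(line)
+
+
+# Internal: return one line from the server, stripping CRLF.
+# This is where all the CPU time of this module is consumed.
+# Raise error_proto('-ERR EOF') if the connection is closed.
+
+def _getline(self):
+- line = self.file.readline()
++ line = self.file.readline(_MAXLINE + 1)
++ if len(line) > _MAXLINE:
++ raise error_proto('line too long')
+if self._debugging > 1: print '*get*', repr(line)
+if not line: raise error_proto('-ERR EOF')
+octets = len(line)
+# server can send any combination of CR & LF
+# however, 'readline()' returns lines ending in LF
+# so only possibilities are ...LF, ...CRLF, CR...LF
+if line[-2:] == CRLF:
+return line[:-2], octets
+@@ -360,16 +368,18 @@ else:
+self.buffer += localbuf
+
+def _getline(self):
+line = ""
+renewline = re.compile(r'.*?\n')
+match = renewline.match(self.buffer)
+while not match:
+self._fillBuffer()
++ if len(self.buffer) > _MAXLINE:
++ raise error_proto('line too long')
+match = renewline.match(self.buffer)
+line = match.group(0)
+self.buffer = renewline.sub('' ,self.buffer, 1)
+if self._debugging > 1: print '*get*', repr(line)
+
+octets = len(line)
+if line[-2:] == CRLF:
+return line[:-2], octets
+diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
+--- a/Lib/test/test_poplib.py
++++ b/Lib/test/test_poplib.py
+@@ -193,16 +193,20 @@ class TestPOP3Class(TestCase):
+def test_retr(self):
+expected = ('+OK 116 bytes',
+['From: postmaster@python.org', 'Content-Type: text/plain',
+'MIME-Version: 1.0', 'Subject: Dummy',
+'', 'line1', 'line2', 'line3'],
+113)
+self.assertEqual(self.client.retr('foo'), expected)
+
++ def test_too_long_lines(self):
++ self.assertRaises(poplib.error_proto, self.client._shortcmd,
++ 'echo +%s' % ((poplib._MAXLINE + 10) * 'a'))
++
+def test_dele(self):
+self.assertOK(self.client.dele('foo'))
+
+def test_noop(self):
+self.assertOK(self.client.noop())
+
+def test_rpop(self):
+self.assertOK(self.client.rpop('foo'))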
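Review bot: The check added inside the POP3_SSL `_getline` loop, `if len(self.buffer) > _MAXLINE`, measures the whole receive buffer rather than the line being extracted, so bytes belonging to following response lines count against the limit and a line that is itself shorter than `_MAXLINE` can be rejected as 'line too long' when it arrives in the same fill as further data; the check does still bound the extracted line, since the buffer cannot exceed `_MAXLINE` when the loop exits (assuming the buffer grows only through `_fillBuffer()`, whose body and read size are outside this hunk). Whether that false positive is reachable in practice depends on how much one `_fillBuffer()` call can append, which the hunk does not show. Checking the matched line after `line = match.group(0)` — `if len(line) > _MAXLINE: raise error_proto('line too long')` — would tie the error to the actual line, with the buffer check kept for the no-newline case. The socket-file `_getline` in the first hunk (`readline(_MAXLINE + 1)` then `len(line) > _MAXLINE`) checks the line itself and does not have this issue. The new `test_too_long_lines` is added to `TestPOP3Class` only, so the SSL `_getline` path appears untested by this patch and relies on a dummy-server `echo` command defined outside the hunk.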