summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch')
-rw-r--r--meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch
new file mode 100644
index 0000000..f4bd84d
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch
@@ -0,0 +1,37 @@
1Upstream-Status: Backport
2
3CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind.
4
5Signed-off-by: Tudor Florea <tudor.florea@enea.com>
6
7diff -r ce583eb0bec2 Lib/imaplib.py
8--- a/Lib/imaplib.py Thu Feb 21 20:17:54 2013 +0200
9+++ b/Lib/imaplib.py Tue Feb 26 22:36:52 2013 +0100
10@@ -35,6 +35,15 @@
11 IMAP4_SSL_PORT = 993
12 AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first
13
14+# Maximal line length when calling readline(). This is to prevent
15+# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
16+# don't specify a line length. RFC 2683 however suggests limiting client
17+# command lines to 1000 octets and server command lines to 8000 octets.
18+# We have selected 10000 for some extra margin and since that is supposedly
19+# also what UW and Panda IMAP does.
20+_MAXLINE = 10000
21+
22+
23 # Commands
24
25 Commands = {
26@@ -237,7 +246,10 @@
27
28 def readline(self):
29 """Read line from remote."""
30- return self.file.readline()
31+ line = self.file.readline(_MAXLINE + 1)
32+ if len(line) > _MAXLINE:
33+ raise self.error("got more than %d bytes" % _MAXLINE)
34+ return line
35
36
37 def send(self, data):