Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch | 37 |
1 files changed, 37 insertions, 0 deletions
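--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-imaplib-fix.patch
@@ -0,0 +1,37 @@
+Upstream-Status: Backport
+
+CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind.
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+
+diff -r ce583eb0bec2 Lib/imaplib.py
+--- a/Lib/imaplib.py Thu Feb 21 20:17:54 2013 +0200
++++ b/Lib/imaplib.py Tue Feb 26 22:36:52 2013 +0100
+@@ -35,6 +35,15 @@
+IMAP4_SSL_PORT = 993
+AllowedVersions = ('IMAP4REV1', 'IMAP4') # Most recent first
+
++# Maximal line length when calling readline(). This is to prevent
++# reading arbitrary length lines. RFC 3501 and 2060 (IMAP 4rev1)
++# don't specify a line length. RFC 2683 however suggests limiting client
++# command lines to 1000 octets and server command lines to 8000 octets.
++# We have selected 10000 for some extra margin and since that is supposedly
++# also what UW and Panda IMAP does.
++_MAXLINE = 10000
++
++
+# Commands
+
+Commands = {
+@@ -237,7 +246,10 @@
+
+def readline(self):
+"""Read line from remote."""
+- return self.file.readline()
++ line = self.file.readline(_MAXLINE + 1)
++ if len(line) > _MAXLINE:
++ raise self.error("got more than %d bytes" % _MAXLINE)
++ return line
+
+
+def send(self, data):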
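Review bot: The length cap lands only in the one `readline()` shown in the inner hunk at `@@ -237,7 +246,10 @@`. The enclosing class and the rest of Lib/imaplib.py are outside the patch, so any other transport class there that overrides `readline()` (the SSL and stream variants in 2.7 appear to, but confirm against the tree) would still read unbounded lines from the server. Each such override should get the same guard, `line = self.file.readline(_MAXLINE + 1)` followed by `if len(line) > _MAXLINE: raise self.error("got more than %d bytes" % _MAXLINE)`. Separately, a 10000-byte ceiling can reject legitimate long untagged responses such as a large SEARCH result, so the patch header should mention that callers may now see `self.error` on oversized lines.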