Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch | 105 |
1 files changed, 105 insertions, 0 deletions
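--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch
@@ -0,0 +1,105 @@
+Upstream-Status: Backport
+
+CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent
+readline() calls from consuming too much memory.
+Patch by Jyrki Pulliainen.
+
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+
+diff -r 936621d33c38 Lib/nntplib.py
+--- a/Lib/nntplib.py Wed Feb 20 18:19:55 2013 -0500
++++ b/Lib/nntplib.py Mon Sep 30 23:42:09 2013 +0200
+@@ -37,6 +37,13 @@
+"error_reply","error_temp","error_perm","error_proto",
+"error_data",]
+
++# maximal line length when calling readline(). This is to prevent
++# reading arbitrary length lines. RFC 3977 limits NNTP line length to
++# 512 characters, including CRLF. We have selected 2048 just to be on
++# the safe side.
++_MAXLINE = 2048
++
++
+# Exceptions raised when an error or invalid response is received
+class NNTPError(Exception):
+"""Base class for all nntplib exceptions"""
+@@ -200,7 +207,9 @@
+def getline(self):
+"""Internal: return one line from the server, stripping CRLF.
+Raise EOFError if the connection is closed."""
+- line = self.file.readline()
++ line = self.file.readline(_MAXLINE + 1)
++ if len(line) > _MAXLINE:
++ raise NNTPProtocolError('line too long')
+if self.debugging > 1:
+print '*get*', repr(line)
+if not line: raise EOFError
+diff -r 936621d33c38 Lib/test/test_nntplib.py
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/Lib/test/test_nntplib.py Mon Sep 30 23:42:09 2013 +0200
+@@ -0,0 +1,65 @@
++import socket
++import threading
++import nntplib
++import time
++
++from unittest import TestCase
++from test import test_support
++
++HOST = test_support.HOST
++
++
++def server(evt, serv, evil=False):
++ serv.listen(5)
++ try:
++ conn, addr = serv.accept()
++ except socket.timeout:
++ pass
++ else:
++ if evil:
++ conn.send("1 I'm too long response" * 3000 + "\n")
++ else:
++ conn.send("1 I'm OK response\n")
++ conn.close()
++ finally:
++ serv.close()
++ evt.set()
++
++
++class BaseServerTest(TestCase):
++ def setUp(self):
++ self.evt = threading.Event()
++ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
++ self.sock.settimeout(3)
++ self.port = test_support.bind_port(self.sock)
++ threading.Thread(
++ target=server,
++ args=(self.evt, self.sock, self.evil)).start()
++ time.sleep(.1)
++
++ def tearDown(self):
++ self.evt.wait()
++
++
++class ServerTests(BaseServerTest):
++ evil = False
++
++ def test_basic_connect(self):
++ nntp = nntplib.NNTP('localhost', self.port)
++ nntp.sock.close()
++
++
++class EvilServerTests(BaseServerTest):
++ evil = True
++
++ def test_too_long_line(self):
++ self.assertRaises(nntplib.NNTPProtocolError,
++ nntplib.NNTP, 'localhost', self.port)
++
++
++def test_main(verbose=None):
++ test_support.run_unittest(EvilServerTests)
++ test_support.run_unittest(ServerTests)
++
++if __name__ == '__main__':
++ test_main()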
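Review bot: The `Upstream-Status: Backport` header at the top of the new patch file names neither the upstream changeset nor the tracker issue the fix was taken from, so the backport cannot be matched against upstream when the recipe is refreshed or the CVE status is audited; the `936621d33c38` in the embedded `diff -r` lines is the hg base revision the diff was taken against, not the fix itself. Suggest `Upstream-Status: Backport [<upstream changeset id>]` together with a line citing the upstream bug reference for CVE-2013-1752, both taken from the upstream repository rather than invented here. In the embedded test, the evil path's `conn.send("1 I'm too long response" * 3000 + "\n")` is not guaranteed to write the whole buffer; that is harmless for this test since the client only needs more than `_MAXLINE` bytes before the newline to raise `NNTPProtocolError`, but `conn.sendall(...)` would make that intent explicit if the patch is ever re-generated locally.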