summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch')
-rw-r--r--meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch105
1 files changed, 105 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch
new file mode 100644
index 0000000..443e137
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-nntplib-fix.patch
@@ -0,0 +1,105 @@
1Upstream-Status: Backport
2
3CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent
4readline() calls from consuming too much memory.
5Patch by Jyrki Pulliainen.
6
7Signed-off-by: Tudor Florea <tudor.florea@enea.com>
8
9diff -r 936621d33c38 Lib/nntplib.py
10--- a/Lib/nntplib.py Wed Feb 20 18:19:55 2013 -0500
11+++ b/Lib/nntplib.py Mon Sep 30 23:42:09 2013 +0200
12@@ -37,6 +37,13 @@
13 "error_reply","error_temp","error_perm","error_proto",
14 "error_data",]
15
16+# maximal line length when calling readline(). This is to prevent
17+# reading arbitrary length lines. RFC 3977 limits NNTP line length to
18+# 512 characters, including CRLF. We have selected 2048 just to be on
19+# the safe side.
20+_MAXLINE = 2048
21+
22+
23 # Exceptions raised when an error or invalid response is received
24 class NNTPError(Exception):
25 """Base class for all nntplib exceptions"""
26@@ -200,7 +207,9 @@
27 def getline(self):
28 """Internal: return one line from the server, stripping CRLF.
29 Raise EOFError if the connection is closed."""
30- line = self.file.readline()
31+ line = self.file.readline(_MAXLINE + 1)
32+ if len(line) > _MAXLINE:
33+ raise NNTPProtocolError('line too long')
34 if self.debugging > 1:
35 print '*get*', repr(line)
36 if not line: raise EOFError
37diff -r 936621d33c38 Lib/test/test_nntplib.py
38--- /dev/null Thu Jan 01 00:00:00 1970 +0000
39+++ b/Lib/test/test_nntplib.py Mon Sep 30 23:42:09 2013 +0200
40@@ -0,0 +1,65 @@
41+import socket
42+import threading
43+import nntplib
44+import time
45+
46+from unittest import TestCase
47+from test import test_support
48+
49+HOST = test_support.HOST
50+
51+
52+def server(evt, serv, evil=False):
53+ serv.listen(5)
54+ try:
55+ conn, addr = serv.accept()
56+ except socket.timeout:
57+ pass
58+ else:
59+ if evil:
60+ conn.send("1 I'm too long response" * 3000 + "\n")
61+ else:
62+ conn.send("1 I'm OK response\n")
63+ conn.close()
64+ finally:
65+ serv.close()
66+ evt.set()
67+
68+
69+class BaseServerTest(TestCase):
70+ def setUp(self):
71+ self.evt = threading.Event()
72+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
73+ self.sock.settimeout(3)
74+ self.port = test_support.bind_port(self.sock)
75+ threading.Thread(
76+ target=server,
77+ args=(self.evt, self.sock, self.evil)).start()
78+ time.sleep(.1)
79+
80+ def tearDown(self):
81+ self.evt.wait()
82+
83+
84+class ServerTests(BaseServerTest):
85+ evil = False
86+
87+ def test_basic_connect(self):
88+ nntp = nntplib.NNTP('localhost', self.port)
89+ nntp.sock.close()
90+
91+
92+class EvilServerTests(BaseServerTest):
93+ evil = True
94+
95+ def test_too_long_line(self):
96+ self.assertRaises(nntplib.NNTPProtocolError,
97+ nntplib.NNTP, 'localhost', self.port)
98+
99+
100+def test_main(verbose=None):
101+ test_support.run_unittest(EvilServerTests)
102+ test_support.run_unittest(ServerTests)
103+
104+if __name__ == '__main__':
105+ test_main()