[Python-checkins] cpython (3.2): Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by

georg.brandl python-checkins at python.org
Tue Sep 30 14:46:57 CEST 2014

• Previous message: [Python-checkins] cpython (3.4): faulthandler: test_gil_released() now uses _sigsegv() instead of _read_null(),
• Next message: [Python-checkins] cpython (3.2): Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/783e7b4375ac
changeset: 92660:783e7b4375ac
branch: 3.2
user: Georg Brandl <georg at python.org>
date: Tue Sep 30 14:12:24 2014 +0200
summary:
 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
files:
 Lib/ftplib.py | 23 ++++++++++++++++++-----
 Lib/test/test_ftplib.py | 22 +++++++++++++++++++++-
 Misc/NEWS | 4 ++++
 3 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/Lib/ftplib.py b/Lib/ftplib.py
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@@ -49,6 +49,8 @@
 
 # The standard FTP server control port
 FTP_PORT = 21
+# The sizehint parameter passed to readline() calls
+MAXLINE = 8192
 
 
 # Exception raised when an error or invalid response is received
@@ -96,6 +98,7 @@
 debugging = 0
 host = ''
 port = FTP_PORT
+ maxline = MAXLINE
 sock = None
 file = None
 welcome = None
@@ -190,7 +193,9 @@
 # Internal: return one line from the server, stripping CRLF.
 # Raise EOFError if the connection is closed
 def getline(self):
- line = self.file.readline()
+ line = self.file.readline(self.maxline + 1)
+ if len(line) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
 if self.debugging > 1:
 print('*get*', self.sanitize(line))
 if not line: raise EOFError
@@ -444,7 +449,9 @@
 with self.transfercmd(cmd) as conn, \
 conn.makefile('r', encoding=self.encoding) as fp:
 while 1:
- line = fp.readline()
+ line = fp.readline(self.maxline + 1)
+ if len(line) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
 if self.debugging > 2: print('*retr*', repr(line))
 if not line:
 break
@@ -494,7 +501,9 @@
 self.voidcmd('TYPE A')
 with self.transfercmd(cmd) as conn:
 while 1:
- buf = fp.readline()
+ buf = fp.readline(self.maxline + 1)
+ if len(buf) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
 if not buf: break
 if buf[-2:] != B_CRLF:
 if buf[-1] in B_CRLF: buf = buf[:-1]
@@ -741,7 +750,9 @@
 fp = conn.makefile('r', encoding=self.encoding)
 try:
 while 1:
- line = fp.readline()
+ line = fp.readline(self.maxline + 1)
+ if len(line) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
 if self.debugging > 2: print('*retr*', repr(line))
 if not line:
 break
@@ -779,7 +790,9 @@
 conn = self.transfercmd(cmd)
 try:
 while 1:
- buf = fp.readline()
+ buf = fp.readline(self.maxline + 1)
+ if len(buf) > self.maxline:
+ raise Error("got more than %d bytes" % self.maxline)
 if not buf: break
 if buf[-2:] != B_CRLF:
 if buf[-1] in B_CRLF: buf = buf[:-1]
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@@ -70,6 +70,7 @@
 self.last_received_data = ''
 self.next_response = ''
 self.rest = None
+ self.next_retr_data = RETR_DATA
 self.push('220 welcome')
 
 def collect_incoming_data(self, data):
@@ -199,7 +200,7 @@
 offset = int(self.rest)
 else:
 offset = 0
- self.dtp.push(RETR_DATA[offset:])
+ self.dtp.push(self.next_retr_data[offset:])
 self.dtp.close_when_done()
 self.rest = None
 
@@ -213,6 +214,11 @@
 self.dtp.push(NLST_DATA)
 self.dtp.close_when_done()
 
+ def cmd_setlongretr(self, arg):
+ # For testing. Next RETR will return long line.
+ self.next_retr_data = 'x' * int(arg)
+ self.push('125 setlongretr ok')
+
 
 class DummyFTPServer(asyncore.dispatcher, threading.Thread):
 
@@ -628,6 +634,20 @@
 self.assertEqual(ftplib.parse257('257 "/foo/b""ar"'), '/foo/b"ar')
 self.assertEqual(ftplib.parse257('257 "/foo/b""ar" created'), '/foo/b"ar')
 
+ def test_line_too_long(self):
+ self.assertRaises(ftplib.Error, self.client.sendcmd,
+ 'x' * self.client.maxline * 2)
+
+ def test_retrlines_too_long(self):
+ self.client.sendcmd('SETLONGRETR %d' % (self.client.maxline * 2))
+ received = []
+ self.assertRaises(ftplib.Error,
+ self.client.retrlines, 'retr', received.append)
+
+ def test_storlines_too_long(self):
+ f = io.BytesIO(b'x' * self.client.maxline * 2)
+ self.assertRaises(ftplib.Error, self.client.storlines, 'stor', f)
+
 
 class TestIPv6Environment(TestCase):
 
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,10 @@
 Library
 -------
 
+- Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
+ limiting the call to readline(). Original patch by Michał
+ Jastrzębski and Giampaolo Rodola.
+
 - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
 100 headers are read. Adapted from patch by Jyrki Pulliainen.
 
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (3.4): faulthandler: test_gil_released() now uses _sigsegv() instead of _read_null(),
• Next message: [Python-checkins] cpython (3.2): Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list