Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola.
This commit is contained in:
parent
f0746ca463
commit
c9cb18d3f7
|
@ -49,6 +49,8 @@ MSG_OOB = 0x1 # Process data out of band
|
|||
|
||||
# The standard FTP server control port
|
||||
FTP_PORT = 21
|
||||
# The sizehint parameter passed to readline() calls
|
||||
MAXLINE = 8192
|
||||
|
||||
|
||||
# Exception raised when an error or invalid response is received
|
||||
|
@ -96,6 +98,7 @@ class FTP:
|
|||
debugging = 0
|
||||
host = ''
|
||||
port = FTP_PORT
|
||||
maxline = MAXLINE
|
||||
sock = None
|
||||
file = None
|
||||
welcome = None
|
||||
|
@ -190,7 +193,9 @@ class FTP:
|
|||
# Internal: return one line from the server, stripping CRLF.
|
||||
# Raise EOFError if the connection is closed
|
||||
def getline(self):
|
||||
line = self.file.readline()
|
||||
line = self.file.readline(self.maxline + 1)
|
||||
if len(line) > self.maxline:
|
||||
raise Error("got more than %d bytes" % self.maxline)
|
||||
if self.debugging > 1:
|
||||
print('*get*', self.sanitize(line))
|
||||
if not line: raise EOFError
|
||||
|
@ -444,7 +449,9 @@ class FTP:
|
|||
with self.transfercmd(cmd) as conn, \
|
||||
conn.makefile('r', encoding=self.encoding) as fp:
|
||||
while 1:
|
||||
line = fp.readline()
|
||||
line = fp.readline(self.maxline + 1)
|
||||
if len(line) > self.maxline:
|
||||
raise Error("got more than %d bytes" % self.maxline)
|
||||
if self.debugging > 2: print('*retr*', repr(line))
|
||||
if not line:
|
||||
break
|
||||
|
@ -494,7 +501,9 @@ class FTP:
|
|||
self.voidcmd('TYPE A')
|
||||
with self.transfercmd(cmd) as conn:
|
||||
while 1:
|
||||
buf = fp.readline()
|
||||
buf = fp.readline(self.maxline + 1)
|
||||
if len(buf) > self.maxline:
|
||||
raise Error("got more than %d bytes" % self.maxline)
|
||||
if not buf: break
|
||||
if buf[-2:] != B_CRLF:
|
||||
if buf[-1] in B_CRLF: buf = buf[:-1]
|
||||
|
@ -741,7 +750,9 @@ else:
|
|||
fp = conn.makefile('r', encoding=self.encoding)
|
||||
try:
|
||||
while 1:
|
||||
line = fp.readline()
|
||||
line = fp.readline(self.maxline + 1)
|
||||
if len(line) > self.maxline:
|
||||
raise Error("got more than %d bytes" % self.maxline)
|
||||
if self.debugging > 2: print('*retr*', repr(line))
|
||||
if not line:
|
||||
break
|
||||
|
@ -779,7 +790,9 @@ else:
|
|||
conn = self.transfercmd(cmd)
|
||||
try:
|
||||
while 1:
|
||||
buf = fp.readline()
|
||||
buf = fp.readline(self.maxline + 1)
|
||||
if len(buf) > self.maxline:
|
||||
raise Error("got more than %d bytes" % self.maxline)
|
||||
if not buf: break
|
||||
if buf[-2:] != B_CRLF:
|
||||
if buf[-1] in B_CRLF: buf = buf[:-1]
|
||||
|
|
|
@ -70,6 +70,7 @@ class DummyFTPHandler(asynchat.async_chat):
|
|||
self.last_received_data = ''
|
||||
self.next_response = ''
|
||||
self.rest = None
|
||||
self.next_retr_data = RETR_DATA
|
||||
self.push('220 welcome')
|
||||
|
||||
def collect_incoming_data(self, data):
|
||||
|
@ -199,7 +200,7 @@ class DummyFTPHandler(asynchat.async_chat):
|
|||
offset = int(self.rest)
|
||||
else:
|
||||
offset = 0
|
||||
self.dtp.push(RETR_DATA[offset:])
|
||||
self.dtp.push(self.next_retr_data[offset:])
|
||||
self.dtp.close_when_done()
|
||||
self.rest = None
|
||||
|
||||
|
@ -213,6 +214,11 @@ class DummyFTPHandler(asynchat.async_chat):
|
|||
self.dtp.push(NLST_DATA)
|
||||
self.dtp.close_when_done()
|
||||
|
||||
def cmd_setlongretr(self, arg):
|
||||
# For testing. Next RETR will return long line.
|
||||
self.next_retr_data = 'x' * int(arg)
|
||||
self.push('125 setlongretr ok')
|
||||
|
||||
|
||||
class DummyFTPServer(asyncore.dispatcher, threading.Thread):
|
||||
|
||||
|
@ -628,6 +634,20 @@ class TestFTPClass(TestCase):
|
|||
self.assertEqual(ftplib.parse257('257 "/foo/b""ar"'), '/foo/b"ar')
|
||||
self.assertEqual(ftplib.parse257('257 "/foo/b""ar" created'), '/foo/b"ar')
|
||||
|
||||
def test_line_too_long(self):
|
||||
self.assertRaises(ftplib.Error, self.client.sendcmd,
|
||||
'x' * self.client.maxline * 2)
|
||||
|
||||
def test_retrlines_too_long(self):
|
||||
self.client.sendcmd('SETLONGRETR %d' % (self.client.maxline * 2))
|
||||
received = []
|
||||
self.assertRaises(ftplib.Error,
|
||||
self.client.retrlines, 'retr', received.append)
|
||||
|
||||
def test_storlines_too_long(self):
|
||||
f = io.BytesIO(b'x' * self.client.maxline * 2)
|
||||
self.assertRaises(ftplib.Error, self.client.storlines, 'stor', f)
|
||||
|
||||
|
||||
class TestIPv6Environment(TestCase):
|
||||
|
||||
|
|
|
@ -10,6 +10,10 @@ What's New in Python 3.2.6?
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
|
||||
limiting the call to readline(). Original patch by Michał
|
||||
Jastrzębski and Giampaolo Rodola.
|
||||
|
||||
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
|
||||
100 headers are read. Adapted from patch by Jyrki Pulliainen.
|
||||
|
||||
|
|
Loading…
Reference in New Issue