Diffstat (limited to 'meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-smtplib-fix.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-smtplib-fix.patch | 101 |
1 files changed, 0 insertions, 101 deletions
diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-smtplib-fix.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-smtplib-fix.patch
deleted file mode 100644
index f34ff40ea5..0000000000
--- a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2013-1752-smtplib-fix.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-Upstream-Status: Backport
-
-Reference: http://bugs.python.org/issue16042
-
-CVE-2013-1752: smtplib: Limit amount of data read by limiting the
-call to readline(). Original patch by Christian Heimes
-
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
----
-diff -Naur Python-2.7.3-orig/Lib/smtplib.py Python-2.7.3/Lib/smtplib.py
---- Python-2.7.3-orig/Lib/smtplib.py 2012-04-10 01:07:31.000000000 +0200
-+++ Python-2.7.3/Lib/smtplib.py 2014-02-27 14:15:24.444198465 +0100
-@@ -57,6 +57,7 @@
- SMTP_PORT = 25
- SMTP_SSL_PORT = 465
- CRLF = "\r\n"
-+_MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
-
- OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
-
-@@ -179,10 +180,14 @@
- def __init__(self, sslobj):
- self.sslobj = sslobj
-
-- def readline(self):
-+ def readline(self, size=-1):
-+ if size < 0:
-+ size = None
- str = ""
- chr = None
- while chr != "\n":
-+ if size is not None and len(str) >= size:
-+ break
- chr = self.sslobj.read(1)
- if not chr:
- break
-@@ -351,7 +356,7 @@
- self.file = self.sock.makefile('rb')
- while 1:
- try:
-- line = self.file.readline()
-+ line = self.file.readline(_MAXLINE + 1)
- except socket.error as e:
- self.close()
- raise SMTPServerDisconnected("Connection unexpectedly closed: "
-@@ -361,6 +366,8 @@
- raise SMTPServerDisconnected("Connection unexpectedly closed")
- if self.debuglevel > 0:
- print>>stderr, 'reply:', repr(line)
-+ if len(line) > _MAXLINE:
-+ raise SMTPResponseException(500, "Line too long.")
- resp.append(line[4:].strip())
- code = line[:3]
- # Check that the error code is syntactically correct.
-diff -Naur Python-2.7.3-orig/Lib/test/test_smtplib.py Python-2.7.3/Lib/test/test_smtplib.py
---- Python-2.7.3-orig/Lib/test/test_smtplib.py 2012-04-10 01:07:32.000000000 +0200
-+++ Python-2.7.3/Lib/test/test_smtplib.py 2014-02-27 14:15:24.448198293 +0100
-@@ -292,6 +292,33 @@
- HOST, self.port, 'localhost', 3)
-
-
-+@unittest.skipUnless(threading, 'Threading required for this test.')
-+class TooLongLineTests(unittest.TestCase):
-+ respdata = '250 OK' + ('.' * smtplib._MAXLINE * 2) + '\n'
-+
-+ def setUp(self):
-+ self.old_stdout = sys.stdout
-+ self.output = StringIO.StringIO()
-+ sys.stdout = self.output
-+
-+ self.evt = threading.Event()
-+ self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-+ self.sock.settimeout(15)
-+ self.port = test_support.bind_port(self.sock)
-+ servargs = (self.evt, self.respdata, self.sock)
-+ threading.Thread(target=server, args=servargs).start()
-+ self.evt.wait()
-+ self.evt.clear()
-+
-+ def tearDown(self):
-+ self.evt.wait()
-+ sys.stdout = self.old_stdout
-+
-+ def testLineTooLong(self):
-+ self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
-+ HOST, self.port, 'localhost', 3)
-+
-+
- sim_users = {'Mr.A@somewhere.com':'John A',
- 'Ms.B@somewhere.com':'Sally B',
- 'Mrs.C@somewhereesle.com':'Ruth C',
-@@ -511,7 +538,8 @@
- def test_main(verbose=None):
- test_support.run_unittest(GeneralTests, DebuggingServerTests,
- NonConnectingTests,
-- BadHELOServerTests, SMTPSimTests)
-+ BadHELOServerTests, SMTPSimTests,
-+ TooLongLineTests)
-
- if __name__ == '__main__':
- test_main() |