#16042: CVE-2013-1752: smtplib fix for unlimited readline() from socket

2025-11-25 04:34:37 +00:00 · 2014-01-25 09:02:18 +01:00 · 2014-01-25 09:02:18 +01:00 · c11435399e
commit c11435399e
parent f580d5b6f7
4 changed files with 43 additions and 4 deletions
--- a/Lib/test/test_smtplib.py
+++ b/Lib/test/test_smtplib.py
@ -569,6 +569,33 @@ class BadHELOServerTests(unittest.TestCase):
                            HOST, self.port, 'localhost', 3)


+@unittest.skipUnless(threading, 'Threading required for this test.')
+class TooLongLineTests(unittest.TestCase):
+    respdata = b'250 OK' + (b'.' * smtplib._MAXLINE * 2) + b'\n'
+
+    def setUp(self):
+        self.old_stdout = sys.stdout
+        self.output = io.StringIO()
+        sys.stdout = self.output
+
+        self.evt = threading.Event()
+        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.sock.settimeout(15)
+        self.port = support.bind_port(self.sock)
+        servargs = (self.evt, self.respdata, self.sock)
+        threading.Thread(target=server, args=servargs).start()
+        self.evt.wait()
+        self.evt.clear()
+
+    def tearDown(self):
+        self.evt.wait()
+        sys.stdout = self.old_stdout
+
+    def testLineTooLong(self):
+        self.assertRaises(smtplib.SMTPResponseException, smtplib.SMTP,
+                          HOST, self.port, 'localhost', 3)
+
+
 sim_users = {'Mr.A@somewhere.com':'John A',
             'Ms.B@xn--fo-fka.com':'Sally B',
             'Mrs.C@somewhereesle.com':'Ruth C',
@ -885,7 +912,8 @@ class SMTPSimTests(unittest.TestCase):
 def test_main(verbose=None):
    support.run_unittest(GeneralTests, DebuggingServerTests,
                              NonConnectingTests,
-                              BadHELOServerTests, SMTPSimTests)
+                              BadHELOServerTests, SMTPSimTests,
+                              TooLongLineTests)

 if __name__ == '__main__':
    test_main()