Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by

limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola.
2025-08-04 08:59:19 +00:00 · 2013-10-20 16:58:27 +03:00 · 2013-10-20 16:58:27 +03:00 · c30b178cbc
commit c30b178cbc
parent 0abb21884c
3 changed files with 43 additions and 6 deletions
--- a/Lib/ftplib.py
+++ b/Lib/ftplib.py
@ -49,6 +49,8 @@ MSG_OOB = 0x1                           # Process data out of band

 # The standard FTP server control port
 FTP_PORT = 21
+# The sizehint parameter passed to readline() calls
+MAXLINE = 8192


 # Exception raised when an error or invalid response is received
@ -96,6 +98,7 @@ class FTP:
    debugging = 0
    host = ''
    port = FTP_PORT
+    maxline = MAXLINE
    sock = None
    file = None
    welcome = None
@ -194,7 +197,9 @@ class FTP:
    # Internal: return one line from the server, stripping CRLF.
    # Raise EOFError if the connection is closed
    def getline(self):
-        line = self.file.readline()
+        line = self.file.readline(self.maxline + 1)
+        if len(line) > self.maxline:
+            raise Error("got more than %d bytes" % self.maxline)
        if self.debugging > 1:
            print('*get*', self.sanitize(line))
        if not line: raise EOFError
@ -446,7 +451,9 @@ class FTP:
        with self.transfercmd(cmd) as conn, \
                 conn.makefile('r', encoding=self.encoding) as fp:
            while 1:
-                line = fp.readline()
+                line = fp.readline(self.maxline + 1)
+                if len(line) > self.maxline:
+                    raise Error("got more than %d bytes" % self.maxline)
                if self.debugging > 2: print('*retr*', repr(line))
                if not line:
                    break
@ -496,7 +503,9 @@ class FTP:
        self.voidcmd('TYPE A')
        with self.transfercmd(cmd) as conn:
            while 1:
-                buf = fp.readline()
+                buf = fp.readline(self.maxline + 1)
+                if len(buf) > self.maxline:
+                    raise Error("got more than %d bytes" % self.maxline)
                if not buf: break
                if buf[-2:] != B_CRLF:
                    if buf[-1] in B_CRLF: buf = buf[:-1]
@ -773,7 +782,9 @@ else:
            fp = conn.makefile('r', encoding=self.encoding)
            with fp, conn:
                while 1:
-                    line = fp.readline()
+                    line = fp.readline(self.maxline + 1)
+                    if len(line) > self.maxline:
+                        raise Error("got more than %d bytes" % self.maxline)
                    if self.debugging > 2: print('*retr*', repr(line))
                    if not line:
                        break
@ -804,7 +815,9 @@ else:
            self.voidcmd('TYPE A')
            with self.transfercmd(cmd) as conn:
                while 1:
-                    buf = fp.readline()
+                    buf = fp.readline(self.maxline + 1)
+                    if len(buf) > self.maxline:
+                        raise Error("got more than %d bytes" % self.maxline)
                    if not buf: break
                    if buf[-2:] != B_CRLF:
                        if buf[-1] in B_CRLF: buf = buf[:-1]