New submission from Christian Heimes:

This bug is similar to #16037 and a modified copy of #16038.

The smtplib module doesn't limit the amount of read data in its call to 
readline(). An erroneous or malicious SMTP server can trick the smtplib module 
to consume large amounts of memory.

The smtplib module should be modified to use limited readline() with _MAXLINE 
like the httplib module.

components: Library (Lib)
messages: 171245
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: smtplib: unlimited readline() from connection
type: resource usage
versions: Python 2.7, Python 3.2, Python 3.3

Python tracker <>
Python-bugs-list mailing list

Reply via email to