Jakub Wilk added the comment:
For the reference, the exception is:
Traceback (most recent call last):
File "/home/user/sources/sinntp/sinntp", line 357, in <module>
connection.quit()
File "/usr/lib/python2.7/nntplib.py", line 608, in quit
resp = self.shortcmd('QUIT')
File "/usr/lib/python2.7/nntplib.py", line 268, in shortcmd
return self.getresp()
File "/usr/lib/python2.7/nntplib.py", line 223, in getresp
resp = self.getline()
File "/usr/lib/python2.7/nntplib.py", line 212, in getline
raise NNTPDataError('line too long')
nntplib.NNTPDataError: line too long
The change in the behavior is intentional. The maximum line length has been
limited to 2048 to prevent denial of service. This is issue #16040 aka
CVE-2013-1752.
This is what relevant standards say:
RFC 3977 §3.1.1: “This document does not place any limit on the length of a
line in a multi-line block. However, the standards that define the format of
articles may do so.”
RFC 5322 §2.1.1: “Each line of characters MUST be no more than 998 characters,
and SHOULD be no more than 78 characters, excluding the CRLF.”
The message that sinntp tripped over had lines longer than RFC 5322 permits, so
it shouldn't have been accepted by the server in the first place.
I don't think there's much to be fixed on the Python side.
What could be improved is error handling in sinntp; but let's discuss this in
the sinntp bug tracker. :)
----------
nosy: +jwilk
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue21334>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
