[issue16041] poplib: unlimited readline() from connection
R. David Murray added the comment:

It has been, see the referenced issue. Now we just need someone to write a patch.

--
nosy: +r.david.murray

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16041
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
Stephen Coulson added the comment:

Broke for me today. Hacked the _MAXLINE to get around it. I don't see any size limit on multi-line in the RFC. Only requirement is dot-stuffing. I think this fix might need a rethink.

--
nosy: +scoulson
Chris Smowton added the comment:

+1 to the above; suggest this should be rolled back and replaced with a total message size limit.

--
nosy: +Chris Smowton
Ingo Ruhnke added the comment:

This fix has broken mail retrieval from gmx.de, gmail.com and plenty of other providers. It manifests in getmail as:

Retrieval error: server for BrokenUIDLPOP3SSLRetriever:1860...@pop.gmx.net:995 is broken; offered message 239 but failed to provide it. Please notify the administrator of the server. Skipping message...

After setting the _MAXLINE in /usr/lib/python2.7/poplib.py to something higher everything was working again.

See issue #23906

--
nosy: +Ingo Ruhnke
Roundup Robot added the comment:

New changeset 339f877cca11 by Benjamin Peterson in branch '2.7':
in poplib, limit maximum line length that we read from the network (closes #16041)
https://hg.python.org/cpython/rev/339f877cca11

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
Matthias Klose added the comment:

This looks ok to me, can we apply this for 2.7.9?

--
nosy: +doko
Berker Peksag added the comment:

Here is a patch for 2.7.

--
nosy: +berker.peksag
stage: needs patch -> patch review
Added file: http://bugs.python.org/file36970/issue16041_27.diff
Changes by Berker Peksag berker.pek...@gmail.com:

Added file: http://bugs.python.org/file36971/issue16041_27.diff
Changes by Berker Peksag berker.pek...@gmail.com:

Removed file: http://bugs.python.org/file36970/issue16041_27.diff
Changes by Georg Brandl ge...@python.org:

--
versions: -Python 3.1
Roundup Robot added the comment:

New changeset 76be07730f8d by Georg Brandl in branch '3.2':
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
https://hg.python.org/cpython/rev/76be07730f8d

--
Changes by Georg Brandl ge...@python.org:

--
versions: -Python 3.2
Roundup Robot added the comment:

New changeset 68029048c9c6 by Georg Brandl in branch '3.3':
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/68029048c9c6

--
Georg Brandl added the comment:

Also merged to default.

--
versions: -Python 3.3, Python 3.4
Jyrki Pulliainen added the comment:

Here's a max line length fix for 3.2 (applies on 3.4 too). I wonder if _getlongresp should have some max length detection too, for the max length of a multiline response.

--
Added file: http://bugs.python.org/file32335/issue16041_py32.patch
Larry Hastings added the comment:

Ping. Please fix before beta 1.

--
Jyrki Pulliainen added the comment:

Added a test for SSL, if SSL is available.

--
Added file: http://bugs.python.org/file31923/issue16041_py26_with_ssl.patch
Roundup Robot added the comment:

New changeset 7214e3324a45 by Barry Warsaw in branch '2.6':
- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/7214e3324a45

--
nosy: +python-dev
Changes by Barry A. Warsaw ba...@python.org:

--
versions: -Python 2.6
Barry A. Warsaw added the comment:

On Sep 30, 2013, at 08:41 PM, Arfrever Frehtes Taifersar Arahesis wrote:

Arfrever Frehtes Taifersar Arahesis added the comment:
New changeset 7214e3324a45 by Barry Warsaw in branch '2.6':
- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/7214e3324a45
...
--- a/Misc/NEWS
+++ b/Misc/NEWS
...
+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
+ prevent readline() calls from consuming too much member.
Maybe s/member/memory/ ?

Good catch, thanks.

--
Arfrever Frehtes Taifersar Arahesis added the comment:

New changeset 7214e3324a45 by Barry Warsaw in branch '2.6':
- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/7214e3324a45
...
--- a/Misc/NEWS
+++ b/Misc/NEWS
...
+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
+ prevent readline() calls from consuming too much member.

Maybe s/member/memory/ ?

--
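Review bot: beyond s/member/memory/, the NEWS entry in this hunk should name the new failure mode callers can hit: the patch described earlier in this thread makes poplib raise error_proto('line too long') when a line exceeds _MAXLINE (2048), which is a new exception for existing clients talking to servers that send longer lines, so a clause like "lines longer than 2048 bytes now raise error_proto" belongs in the entry.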
Jyrki Pulliainen added the comment:

Attached a patch for 2.6. Due to how tests are in 2.6, this adds one more test case with an evil server, which basically just returns too long lines.

--
Added file: http://bugs.python.org/file31913/issue16041_py26.patch
Barry A. Warsaw added the comment:

Looks good, although only the POP3 exception is actually tested. The POP3_SSL exception isn't tested. Any chance you could add a test for that (obviously, only if `import ssl` succeeds)?

--
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:

--
nosy: +barry
priority: critical -> release blocker
versions: +Python 2.6, Python 3.1
Benjamin Peterson added the comment:

Not blocking 2.7.4 as discussed on mailing list.

--
priority: release blocker -> critical
Jyrki Pulliainen added the comment:

Added functionality that raises error_proto('line too long') if we read over _MAXLINE characters. Defaults _MAXLINE to 2048. The patch is written on top of 2.7.

--
keywords: +patch
nosy: +nailor
Added file: http://bugs.python.org/file29198/issue16041.patch
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:

--
nosy: +Arfrever
Christian Heimes added the comment:

RFC 1939 says:

    Responses in the POP3 consist of a status indicator and a keyword possibly followed by additional information. All responses are terminated by a CRLF pair. Responses may be up to 512 characters long, including the terminating CRLF.

It doesn't say anything about the length of a line in a multi-line response. It's reasonable to believe that 512 octets are valid, too. We could quadruple the limit to 2048 in order to be safe.

--
Christian Heimes added the comment:

CVE-2013-1752 Unbound readline() DoS vulnerabilities in Python stdlib

--
Changes by Christian Heimes li...@cheimes.de:

--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical -> release blocker
Changes by Giampaolo Rodola' g.rod...@gmail.com:

--
nosy: +giampaolo.rodola
Changes by Christian Heimes li...@cheimes.de:

--
assignee:  -> christian.heimes
priority: normal -> critical
stage:  -> needs patch
versions: +Python 3.4
New submission from Christian Heimes:

This bug is similar to #16037 and a modified copy of #16038.

The poplib module doesn't limit the amount of read data in its call to readline(). An erroneous or malicious POP3 server can trick the poplib module into consuming large amounts of memory.

Suggestion: The poplib module should be modified to use limited readline() with _MAXLINE like the httplib module.

--
components: Library (Lib)
messages: 171244
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: poplib: unlimited readline() from connection
type: resource usage
versions: Python 2.7, Python 3.2, Python 3.3
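The two bounds this thread discusses, the per-line _MAXLINE cap that was committed and the whole-response cap Jyrki and Chris Smowton ask about for _getlongresp, as an added example that is neither the CPython patch nor poplib's own code; MAXTOTAL, read_response and the sample server bytes are constructed for the example.

```python
import io
# Added example, not the CPython patch: bounded versions of the two poplib
# readers this thread discusses. _MAXLINE mirrors the committed 2048 limit;
# MAXTOTAL is a hypothetical whole-response cap that poplib does not have.
_MAXLINE = 2048
MAXTOTAL = 64 * 1024

class error_proto(Exception):
    """Protocol error, named as in poplib."""

def getline(fp):
    """Read one line, refusing anything longer than _MAXLINE bytes."""
    # One byte past the cap: a longer result means no terminator in range.
    line = fp.readline(_MAXLINE + 1)
    if len(line) > _MAXLINE:
        raise error_proto("line too long")
    if not line:
        raise error_proto("-ERR EOF")
    return line.rstrip(b"\r\n")

def getlongresp(fp):
    """Status line, then lines up to a lone '.', undoing RFC 1939
    dot-stuffing and capping the accumulated size."""
    status = getline(fp)
    if not status.startswith(b"+OK"):
        raise error_proto(status)
    lines, total = [], 0
    while True:
        line = getline(fp)
        if line == b".":            # termination octet
            break
        if line.startswith(b".."):  # byte-stuffed leading dot
            line = line[1:]
        total += len(line)
        if total > MAXTOTAL:
            raise error_proto("response too large")
        lines.append(line)
    return status, lines

def read_response(raw):
    """Parse constructed server bytes; return (status, lines) or the error."""
    try:
        return getlongresp(io.BytesIO(raw))
    except error_proto as exc:
        return str(exc)
# Constructed server output: a normal reply with a dot-stuffed line, one with
# an unterminated 5000-byte line, and one whose lines add up past MAXTOTAL.
GOOD = b"+OK 3 octets\r\nFrom: a@example.invalid\r\n..leading dot\r\n.\r\n"
TOO_LONG = b"+OK\r\n" + b"A" * 5000 + b"\r\n.\r\n"
HUGE = b"+OK\r\n" + (b"B" * 2000 + b"\r\n") * 40 + b".\r\n"
```

Without the EOF check a server that closes the connection mid-response would spin getlongresp forever, which is the other resource-exhaustion path a bounded reader has to close.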