[issue16040] nntplib: unlimited readline() from connection

2014-10-12 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 985bda4edf9d by Georg Brandl in branch '3.2':
#16040: fix unlimited read from connection in nntplib.
https://hg.python.org/cpython/rev/985bda4edf9d

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16040
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue16040] nntplib: unlimited readline() from connection

2014-08-29 Thread Terry J. Reedy

Terry J. Reedy added the comment:

3.1 is finished and Georg decided to skip 3.2.

--
nosy: +terry.reedy
resolution:  -> fixed
stage: needs patch -> resolved
status: open -> closed




[issue16040] nntplib: unlimited readline() from connection

2014-07-09 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 5be778fec115 by Berker Peksag in branch '3.4':
Issues #21948 and #16040: Fix typos.
http://hg.python.org/cpython/rev/5be778fec115

New changeset 051cc4f60384 by Berker Peksag in branch 'default':
Issues #21948 and #16040: Merge with 3.4.
http://hg.python.org/cpython/rev/051cc4f60384

--




[issue16040] nntplib: unlimited readline() from connection

2014-07-07 Thread Francis MB

Francis MB added the comment:

Just a small detail on the patches, they seem to have a typo
(lenght vs. length) on the line:

 reading arbitrary lenght lines. RFC 3977 limits NNTP line length to

--
nosy: +francismb




[issue16040] nntplib: unlimited readline() from connection

2013-10-27 Thread Roundup Robot

Roundup Robot added the comment:

New changeset fc88bd80d925 by Georg Brandl in branch '3.3':
Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/fc88bd80d925

--




[issue16040] nntplib: unlimited readline() from connection

2013-10-27 Thread Georg Brandl

Georg Brandl added the comment:

Also merged to default.

--
versions:  -Python 3.3, Python 3.4




[issue16040] nntplib: unlimited readline() from connection

2013-10-24 Thread Jyrki Pulliainen

Jyrki Pulliainen added the comment:

...and here's a patch for 3.2

--
Added file: http://bugs.python.org/file32339/issue16040_py32.patch




[issue16040] nntplib: unlimited readline() from connection

2013-10-18 Thread Larry Hastings

Larry Hastings added the comment:

Ping.  Please fix before beta 1.

--




[issue16040] nntplib: unlimited readline() from connection

2013-10-01 Thread Arfrever Frehtes Taifersar Arahesis

Arfrever Frehtes Taifersar Arahesis added the comment:

> New changeset 731abf7834c4 by Barry Warsaw in branch '2.6':
> - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
> http://hg.python.org/cpython/rev/731abf7834c4
>
> New changeset 36680a7c0e22 by Barry Warsaw in branch '2.7':
> - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
> http://hg.python.org/cpython/rev/36680a7c0e22

s/lenght/length/ in new comment in Lib/nntplib.py

--




[issue16040] nntplib: unlimited readline() from connection

2013-10-01 Thread Barry A. Warsaw

Barry A. Warsaw added the comment:

On Oct 01, 2013, at 01:44 PM, Arfrever Frehtes Taifersar Arahesis wrote:

> s/lenght/length/ in new comment in Lib/nntplib.py

Fixed, thanks.

--




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Jyrki Pulliainen

Jyrki Pulliainen added the comment:

Regarding the implementation: all commands (even those returning multiple 
lines), use the same readline method.

I've attached a patch for 2.6, working on the 2.7+ too.

--
keywords: +patch
nosy: +nailor
Added file: http://bugs.python.org/file31927/issue16040_py26.patch




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Barry A. Warsaw

Barry A. Warsaw added the comment:

Looks great, thanks!  I'll apply this to 2.6.9 but let others forward port it 
to 2.7.

--




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Jyrki Pulliainen

Jyrki Pulliainen added the comment:

The patch for 2.6 applies cleanly on 2.7 too and the tests pass there

--




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Jyrki Pulliainen

Jyrki Pulliainen added the comment:

Did a slight change to the patch, making the too long line to look like a valid 
line so that it does not raise a NNTPProtocolError otherwise. Thanks to Barry 
for catching this :)

I also wonder if there should be data error raised instead? Current docstrings 
of the errors are not that well fit.

--
Added file: http://bugs.python.org/file31928/issue16040_py26_v2.patch




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Barry A. Warsaw

Barry A. Warsaw added the comment:

On Sep 30, 2013, at 09:43 PM, Jyrki Pulliainen wrote:

> I also wonder if there should be data error raised instead? Current docstrings
> of the errors are not that well fit.

I guess a data error makes the least nonsense here, so I'll change it over to
that.  I'm happy to entertain other thoughts (except for introducing a new
exception of course) before 2.6.9 final.

--




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Barry A. Warsaw

Changes by Barry A. Warsaw ba...@python.org:


--
versions:  -Python 2.7




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 731abf7834c4 by Barry Warsaw in branch '2.6':
- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/731abf7834c4

New changeset 36680a7c0e22 by Barry Warsaw in branch '2.7':
- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
http://hg.python.org/cpython/rev/36680a7c0e22

--
nosy: +python-dev




[issue16040] nntplib: unlimited readline() from connection

2013-09-30 Thread Barry A. Warsaw

Changes by Barry A. Warsaw ba...@python.org:


--
versions:  -Python 2.6




[issue16040] nntplib: unlimited readline() from connection

2013-09-15 Thread Barry A. Warsaw

Barry A. Warsaw added the comment:

Any more thoughts on this bug w.r.t. 2.6.9?  It seems that without a patch for 
any version of Python, and with 2.6.9 coming soon, a fix for this just won't 
make it into 2.6.9.  

That doesn't bother me too much, and I'm willing to just knock this off the 
2.6.9 radar unless objections (accompanied by patches? :) are raised.

--




[issue16040] nntplib: unlimited readline() from connection

2013-09-15 Thread Arfrever Frehtes Taifersar Arahesis

Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:


--
versions: +Python 2.6, Python 3.1




[issue16040] nntplib: unlimited readline() from connection

2013-09-03 Thread Barry A. Warsaw

Barry A. Warsaw added the comment:

blocker for 2.6.9

--
nosy: +barry
priority: critical -> release blocker




[issue16040] nntplib: unlimited readline() from connection

2013-03-23 Thread Benjamin Peterson

Benjamin Peterson added the comment:

Not blocking 2.7.4 as discussed on mailing list.

--
priority: release blocker -> critical




[issue16040] nntplib: unlimited readline() from connection

2013-02-22 Thread Arfrever Frehtes Taifersar Arahesis

Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:


--
nosy: +Arfrever




[issue16040] nntplib: unlimited readline() from connection

2013-02-15 Thread Christian Heimes

Christian Heimes added the comment:

RFC 3977 specifies:

  Command lines MUST NOT exceed 512 octets, which includes
  the terminating CRLF pair.

However NNTP also has multi-line data blocks. The RFC says nothing about the 
maximum length of a data line. We may need two limits here, one for command 
lines (2048 perhaps) and one much larger for data lines (a couple of MB?).

Can somebody check other implementations?

--
stage:  -> needs patch




[issue16040] nntplib: unlimited readline() from connection

2013-02-15 Thread Christian Heimes

Christian Heimes added the comment:

CVE-2013-1752  Unbound readline() DoS vulnerabilities in Python stdlib

--




[issue16040] nntplib: unlimited readline() from connection

2013-02-04 Thread Christian Heimes

Changes by Christian Heimes li...@cheimes.de:


--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical -> release blocker




[issue16040] nntplib: unlimited readline() from connection

2013-01-21 Thread Giampaolo Rodola'

Changes by Giampaolo Rodola' g.rod...@gmail.com:


--
nosy: +giampaolo.rodola




[issue16040] nntplib: unlimited readline() from connection

2013-01-20 Thread Christian Heimes

Changes by Christian Heimes li...@cheimes.de:


--
assignee:  -> christian.heimes
priority: normal -> critical
versions: +Python 3.4




[issue16040] nntplib: unlimited readline() from connection

2012-10-07 Thread Hynek Schlawack

Hynek Schlawack added the comment:

Any suggestions on the value for _MAXLINE or just steal the 64k from httplib?

--




[issue16040] nntplib: unlimited readline() from connection

2012-09-25 Thread Christian Heimes

New submission from Christian Heimes:

This bug is similar to #16037 and a modified copy of #16038.

The nntplib module doesn't limit the amount of read data in its call to 
readline(). An erroneous or malicious news server can trick the nntplib module 
into consuming large amounts of memory.

Suggestion:
The nntplib module should be modified to use limited readline() with _MAXLINE 
like the httplib module.

--
components: Library (Lib)
messages: 171243
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: nntplib: unlimited readline() from connection
type: resource usage
versions: Python 2.7, Python 3.2, Python 3.3

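The bounded read suggested in this report, as an added example that is not part of the original post or of the nntplib patches: every read is capped at `_MAXLINE` (2048, the figure in the changeset messages), and the multi-line reader goes through the same function. The names `getline`, `getlongresp`, `LineTooLong` and `CountingStream`, and the sample replies, are constructed for illustration.

```python
import io

_MAXLINE = 2048  # cap named in the thread's changeset messages


class LineTooLong(Exception):
    """Hypothetical error type for this example."""


def getline(stream, maxline=_MAXLINE):
    """Read one line, never buffering more than maxline + 1 bytes."""
    # readline(n) returns at most n bytes, so an endless line cannot grow the buffer.
    line = stream.readline(maxline + 1)
    if len(line) > maxline:
        raise LineTooLong("line too long (limit %d bytes)" % maxline)
    if not line:
        raise EOFError("connection closed")
    return line.rstrip(b"\r\n")


def getlongresp(stream, maxline=_MAXLINE):
    """Status line plus dot-terminated block, all read through getline()."""
    status, lines = getline(stream, maxline), []
    while True:
        line = getline(stream, maxline)
        if line == b".":
            return status, lines
        lines.append(line[1:] if line.startswith(b"..") else line)  # undo dot-stuffing


class CountingStream(io.BytesIO):
    """Constructed stand-in for the socket file; records the largest single read."""
    largest = 0
    def readline(self, size=-1):
        data = super().readline(size)
        self.largest = max(self.largest, len(data))
        return data


def demo():
    ok = CountingStream(b"215 list follows\r\ncomp.lang.python 3 1 y\r\n..hidden\r\n.\r\n")
    # Constructed hostile reply: a 5 MB data line with no terminator.
    hostile = CountingStream(b"215 list follows\r\n" + b"A" * (5 * 1024 * 1024))
    try:
        getlongresp(hostile)
        rejected = False
    except LineTooLong:
        rejected = True
    return getlongresp(ok), rejected, hostile.largest
```

With an unbounded `stream.readline()` the same hostile reply would be buffered in full before any check could run; here the largest single read is `_MAXLINE + 1` bytes.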



[issue16040] nntplib: unlimited readline() from connection

2012-09-25 Thread Hynek Schlawack

Changes by Hynek Schlawack h...@ox.cx:


--
nosy: +hynek
