summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Lib/imaplib.py10
-rw-r--r--Lib/test/test_imaplib.py15
-rw-r--r--Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst2
3 files changed, 10 insertions, 17 deletions
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
index 2e5511e024..679c468251 100644
--- a/Lib/imaplib.py
+++ b/Lib/imaplib.py
@@ -1182,16 +1182,6 @@ else:
self.file = self.sslobj.makefile('rb')
- def read(self, size):
- """Read 'size' bytes from remote."""
- return self.file.read(size)
-
-
- def readline(self):
- """Read line from remote."""
- return self.file.readline()
-
-
def send(self, data):
"""Send data to remote."""
bytes = len(data)
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
index 405b7ea8dd..acaad63b6a 100644
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@@ -166,14 +166,18 @@ class BaseThreadedNetworkedTests(unittest.TestCase):
def test_linetoolong(self):
+ maxline = 10
+
class TooLongHandler(SimpleIMAPHandler):
def handle(self):
# Send a very long response line
- self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')
+ self.wfile.write('* OK ' + maxline * 'x' + '\r\n')
- with self.reaped_server(TooLongHandler) as server:
- self.assertRaises(imaplib.IMAP4.error,
- self.imap_class, *server.server_address)
+ with self.reaped_server(TooLongHandler) as server, \
+ support.swap_attr(imaplib, '_MAXLINE', maxline):
+ with self.assertRaisesRegexp(imaplib.IMAP4.error,
+ 'got more than 10 bytes'):
+ self.imap_class(*server.server_address)
class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
@@ -187,9 +191,6 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests):
server_class = SecureTCPServer
imap_class = IMAP4_SSL
- def test_linetoolong(self):
- raise unittest.SkipTest("test is not reliable on 2.7; see issue 20118")
-
class RemoteIMAPTest(unittest.TestCase):
host = 'cyrus.andrew.cmu.edu'
diff --git a/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst
new file mode 100644
index 0000000000..ff9ff47e08
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst
@@ -0,0 +1,2 @@
+CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
+limit line length.
View Lorry Controller Status