diff options
-rw-r--r-- | Lib/imaplib.py | 10 | ||||
-rw-r--r-- | Lib/test/test_imaplib.py | 15 | ||||
-rw-r--r-- | Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst | 2 |
3 files changed, 10 insertions, 17 deletions
diff --git a/Lib/imaplib.py b/Lib/imaplib.py index 2e5511e024..679c468251 100644 --- a/Lib/imaplib.py +++ b/Lib/imaplib.py @@ -1182,16 +1182,6 @@ else: self.file = self.sslobj.makefile('rb') - def read(self, size): - """Read 'size' bytes from remote.""" - return self.file.read(size) - - - def readline(self): - """Read line from remote.""" - return self.file.readline() - - def send(self, data): """Send data to remote.""" bytes = len(data) diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py index 405b7ea8dd..acaad63b6a 100644 --- a/Lib/test/test_imaplib.py +++ b/Lib/test/test_imaplib.py @@ -166,14 +166,18 @@ class BaseThreadedNetworkedTests(unittest.TestCase): def test_linetoolong(self): + maxline = 10 + class TooLongHandler(SimpleIMAPHandler): def handle(self): # Send a very long response line - self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n') + self.wfile.write('* OK ' + maxline * 'x' + '\r\n') - with self.reaped_server(TooLongHandler) as server: - self.assertRaises(imaplib.IMAP4.error, - self.imap_class, *server.server_address) + with self.reaped_server(TooLongHandler) as server, \ + support.swap_attr(imaplib, '_MAXLINE', maxline): + with self.assertRaisesRegexp(imaplib.IMAP4.error, + 'got more than 10 bytes'): + self.imap_class(*server.server_address) class ThreadedNetworkedTests(BaseThreadedNetworkedTests): @@ -187,9 +191,6 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests): server_class = SecureTCPServer imap_class = IMAP4_SSL - def test_linetoolong(self): - raise unittest.SkipTest("test is not reliable on 2.7; see issue 20118") - class RemoteIMAPTest(unittest.TestCase): host = 'cyrus.andrew.cmu.edu' diff --git a/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst new file mode 100644 index 0000000000..ff9ff47e08 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst @@ -0,0 +1,2 @@ +CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to +limit line length. |