From 16d63202af35dadd652a5e3eae687ea709e95b11 Mon Sep 17 00:00:00 2001
From: Victor Stinner
Date: Wed, 12 Dec 2018 12:05:59 +0100
Subject: bpo-16039: CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline() (GH-11120)
* bpo-16039: CVE-2013-1752: Change use of readline() in imaplib.IMAP4_SSL to limit line length. Remove IMAP4_SSL.readline() and IMAP4_SSL.read() to inherit safe IMAP4 implementation.
* bpo-20118: reenable test_linetoolong() of test_imaplib on ThreadedNetworkedTests and ThreadedNetworkedTestsSSL. The test now sets the _MAXLINE limit to 10 characters.
---
 Lib/imaplib.py | 10 ----------
 Lib/test/test_imaplib.py | 15 ++++++++-------
 .../Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst | 2 ++
 3 files changed, 10 insertions(+), 17 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
index 2e5511e024..679c468251 100644
--- a/Lib/imaplib.py
+++ b/Lib/imaplib.py
@@ -1182,16 +1182,6 @@ else:
 self.file = self.sslobj.makefile('rb')
- def read(self, size):
- """Read 'size' bytes from remote."""
- return self.file.read(size)
-
-
- def readline(self):
- """Read line from remote."""
- return self.file.readline()
-
-
 def send(self, data):
 """Send data to remote."""
 bytes = len(data)
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
index 405b7ea8dd..acaad63b6a 100644
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@@ -166,14 +166,18 @@ class BaseThreadedNetworkedTests(unittest.TestCase):
 def test_linetoolong(self):
+ maxline = 10
+
 class TooLongHandler(SimpleIMAPHandler):
 def handle(self):
 # Send a very long response line
- self.wfile.write('* OK ' + imaplib._MAXLINE*'x' + '\r\n')
+ self.wfile.write('* OK ' + maxline * 'x' + '\r\n')
- with self.reaped_server(TooLongHandler) as server:
- self.assertRaises(imaplib.IMAP4.error,
- self.imap_class, *server.server_address)
+ with self.reaped_server(TooLongHandler) as server, \
+ support.swap_attr(imaplib, '_MAXLINE', maxline):
+ with self.assertRaisesRegexp(imaplib.IMAP4.error,
+ 'got more than 10 bytes'):
+ self.imap_class(*server.server_address)
 class ThreadedNetworkedTests(BaseThreadedNetworkedTests):
@@ -187,9 +191,6 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests):
 server_class = SecureTCPServer
 imap_class = IMAP4_SSL
- def test_linetoolong(self):
- raise unittest.SkipTest("test is not reliable on 2.7; see issue 20118")
-
 class RemoteIMAPTest(unittest.TestCase):
 host = 'cyrus.andrew.cmu.edu'
diff --git a/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst
new file mode 100644
index 0000000000..ff9ff47e08
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst
@@ -0,0 +1,2 @@
+CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
+limit line length.
--
cgit v1.2.1
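Review bot: The expected message `'got more than 10 bytes'` repeats the `maxline = 10` literal set at the top of `test_linetoolong`, so a later change to `maxline` would leave the regexp asserting a stale number; deriving it, `'got more than %d bytes' % maxline`, keeps the assertion bound to the limit the test installs through `support.swap_attr`. The pattern is also only a substring of the error text, presumably raised by the inherited `IMAP4.readline()` (outside this hunk), so a rewording there would fail the test without any change to the length check itself — a short comment above the `assertRaisesRegexp` call, such as `# Message text comes from IMAP4.readline()'s _MAXLINE check`, would make that coupling explicit. `assertRaisesRegexp` is the correct spelling on the 2.7 branch this targets, but it is only a deprecated alias of `assertRaisesRegex` on 3.x if this test is ever carried forward.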