Description: CVE-2024-27305 - SMTP smuggling
 SMTP smuggling due to poor handling of
 non-standard line endings
Author: Dale Richards <dale@dalerichards.net>
Origin: upstream, https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
Bug: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
Last-Update: 2024-06-07
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/aiosmtpd/smtp.py
+++ b/aiosmtpd/smtp.py
@@ -31,7 +31,7 @@
 
 DATA_SIZE_DEFAULT = 33554432
 EMPTYBYTES = b''
-NEWLINE = '\n'
+NEWLINE = '\r\n'
 
 
 class _Missing:
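Review bot: The new `NEWLINE = '\r\n'` carries no comment explaining why a bare LF is no longer treated as a line ending; the RFC reference appears only at the `readuntil` call in the second hunk. I would add `# SMTP lines end in CRLF only (RFC 5321 section 2.3.8); a bare LF or CR is not a line terminator` above the constant. The uses of NEWLINE are outside this hunk, so it is worth confirming that every place that joins or splits on it expects the CRLF form. The second hunk also repeats the terminator as the literal `b'\r\n'` instead of deriving it from this constant, which leaves two definitions to keep in sync.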
@@ -876,7 +876,8 @@
         size_exceeded = False
         while self.transport is not None:           # pragma: nobranch
             try:
-                line = await self._reader.readline()
+                # https://datatracker.ietf.org/doc/html/rfc5321#section-2.3.8
+                line: bytes = await self._reader.readuntil(b'\r\n')
                 log.debug('DATA readline: %s', line)
             except asyncio.CancelledError:
                 # The connection got reset during the DATA command.
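Review bot: `StreamReader.readuntil()` fails differently from `readline()`, and the only handler visible in this hunk is `except asyncio.CancelledError`. It raises `asyncio.IncompleteReadError` when the peer closes before a CRLF arrives and `asyncio.LimitOverrunError` when no CRLF appears within the stream limit, whereas `readline()` returned the partial line on EOF and raised `ValueError` on overrun. The try statement continues past the end of the hunk, so this may already be covered. If it is not, a client that disconnects mid-DATA or sends an over-long line without CRLF would surface an unhandled exception here, so handlers such as `except asyncio.IncompleteReadError:` and `except asyncio.LimitOverrunError:` should sit next to the existing one. The `'DATA readline: %s'` debug message could also be reworded now that the call is no longer `readline()`.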
