summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Wojcik <wojcikk2903@users.noreply.github.com>2019-05-14 16:55:23 (GMT)
committerVictor Stinner <vstinner@redhat.com>2019-05-14 16:55:23 (GMT)
commitc1f5667be1e3ec5871560c677402c1252c6018a6 (patch)
tree199ab3f8a68ef855b41a086ce280faff1ca817bf
parent4d45a3b1107977baba9dce868e80d1d95bce4085 (diff)
downloadcpython-c1f5667be1e3ec5871560c677402c1252c6018a6.zip
cpython-c1f5667be1e3ec5871560c677402c1252c6018a6.tar.gz
cpython-c1f5667be1e3ec5871560c677402c1252c6018a6.tar.bz2
bpo-33529, email: Fix infinite loop in email header encoding (GH-12020)
-rw-r--r--Lib/email/_header_value_parser.py23
-rw-r--r--Lib/test/test_email/test_headerregistry.py8
-rw-r--r--Lib/test/test_email/test_policy.py8
-rw-r--r--Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst2
4 files changed, 27 insertions, 14 deletions
diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
index bb26d5a..60d0d32 100644
--- a/Lib/email/_header_value_parser.py
+++ b/Lib/email/_header_value_parser.py
@@ -2723,16 +2723,19 @@ def _fold_as_ew(to_encode, lines, maxlen, last_ew, ew_combine_allowed, charset):
lines.append(' ')
# XXX We'll get an infinite loop here if maxlen is <= 7
continue
- first_part = to_encode[:text_space]
- ew = _ew.encode(first_part, charset=encode_as)
- excess = len(ew) - remaining_space
- if excess > 0:
- # encode always chooses the shortest encoding, so this
- # is guaranteed to fit at this point.
- first_part = first_part[:-excess]
- ew = _ew.encode(first_part)
- lines[-1] += ew
- to_encode = to_encode[len(first_part):]
+
+ to_encode_word = to_encode[:text_space]
+ encoded_word = _ew.encode(to_encode_word, charset=encode_as)
+ excess = len(encoded_word) - remaining_space
+ while excess > 0:
+ # Since the chunk to encode is guaranteed to fit into less than 100 characters,
+ # shrinking it by one at a time shouldn't take long.
+ to_encode_word = to_encode_word[:-1]
+ encoded_word = _ew.encode(to_encode_word, charset=encode_as)
+ excess = len(encoded_word) - remaining_space
+ lines[-1] += encoded_word
+ to_encode = to_encode[len(to_encode_word):]
+
if to_encode:
lines.append(' ')
new_last_ew = len(lines[-1])
diff --git a/Lib/test/test_email/test_headerregistry.py b/Lib/test/test_email/test_headerregistry.py
index 30ce0ba..d100709 100644
--- a/Lib/test/test_email/test_headerregistry.py
+++ b/Lib/test/test_email/test_headerregistry.py
@@ -1643,10 +1643,10 @@ class TestFolding(TestHeaderBase):
self.assertEqual(
h.fold(policy=policy.default),
'X-Report-Abuse: =?utf-8?q?=3Chttps=3A//www=2Emailitapp=2E'
- 'com/report=5F?=\n'
- ' =?utf-8?q?abuse=2Ephp=3Fmid=3Dxxx-xxx-xxxx'
- 'xxxxxxxxxxxxxxxxxxxx=3D=3D-xxx-?=\n'
- ' =?utf-8?q?xx-xx=3E?=\n')
+ 'com/report=5Fabuse?=\n'
+ ' =?utf-8?q?=2Ephp=3Fmid=3Dxxx-xxx-xxxx'
+ 'xxxxxxxxxxxxxxxxxxxx=3D=3D-xxx-xx-xx?=\n'
+ ' =?utf-8?q?=3E?=\n')
if __name__ == '__main__':
diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
index 8fecb8a..c2c437e 100644
--- a/Lib/test/test_email/test_policy.py
+++ b/Lib/test/test_email/test_policy.py
@@ -237,6 +237,14 @@ class PolicyAPITests(unittest.TestCase):
email.policy.EmailPolicy.header_factory)
self.assertEqual(newpolicy.__dict__, {'raise_on_defect': True})
+ def test_non_ascii_chars_do_not_cause_inf_loop(self):
+ policy = email.policy.default.clone(max_line_length=20)
+ actual = policy.fold('Subject', 'ą' * 12)
+ self.assertEqual(
+ actual,
+ 'Subject: \n' +
+ 12 * ' =?utf-8?q?=C4=85?=\n')
+
# XXX: Need subclassing tests.
# For adding subclassed objects, make sure the usual rules apply (subclass
# wins), but that the order still works (right overrides left).
diff --git a/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst b/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst
new file mode 100644
index 0000000..84d16f5
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst
@@ -0,0 +1,2 @@
+Prevent fold function used in email header encoding from entering infinite
+loop when there are too many non-ASCII characters in a header.