summaryrefslogtreecommitdiffstats
path: root/Lib/email
diff options
context:
space:
mode:
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2021-08-26 15:49:12 (GMT)
committerGitHub <noreply@github.com>2021-08-26 15:49:12 (GMT)
commit81148c6f91092c3aa207a53b657b2548a20b230c (patch)
tree36911ed77b44b68e2250e12074f4ed322175f3d9 /Lib/email
parent6ebfe8da6331bfcf54057f6e22a6f353a5621d35 (diff)
downloadcpython-81148c6f91092c3aa207a53b657b2548a20b230c.zip
cpython-81148c6f91092c3aa207a53b657b2548a20b230c.tar.gz
cpython-81148c6f91092c3aa207a53b657b2548a20b230c.tar.bz2
bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27974)
Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element. (cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac) Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
Diffstat (limited to 'Lib/email')
-rw-r--r--Lib/email/_parseaddr.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
index 41ff6f8..178329f 100644
--- a/Lib/email/_parseaddr.py
+++ b/Lib/email/_parseaddr.py
@@ -67,6 +67,8 @@ def _parsedate_tz(data):
if not data:
return
data = data.split()
+ if not data: # This happens for whitespace-only input.
+ return None
# The FWS after the comma after the day-of-week is optional, so search and
# adjust for this.
if data[0].endswith(',') or data[0].lower() in _daynames: