diff options
| author | R. David Murray <rdmurray@bitdance.com> | 2011-01-09 02:48:04 (GMT) |
|---|---|---|
| committer | R. David Murray <rdmurray@bitdance.com> | 2011-01-09 02:48:04 (GMT) |
| commit | 389af0037175ec5327d401b3d4a3b13d509cc926 (patch) | |
| tree | 03ebfea958b3bfee40280bee5e187e6117411ef0 /Misc | |
| parent | 50778ab4c25f99c8fefeb67bc927bcb3356590cd (diff) | |
| download | cpython-389af0037175ec5327d401b3d4a3b13d509cc926.zip cpython-389af0037175ec5327d401b3d4a3b13d509cc926.tar.gz cpython-389af0037175ec5327d401b3d4a3b13d509cc926.tar.bz2 | |
Merged revisions 87873 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines
#5871: protect against header injection attacks.
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header. Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks. (As far as we know this has never been exploited.)
Thanks to Jakub Wilk for reporting this vulnerability.
........
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -31,6 +31,13 @@ Core and Builtins Library ------- +- Issue #5871: email.header.Header.encode now raises an error if any + continuation line in the formatted value has no leading white space + and looks like a header. Since Generator uses Header to format all + headers, this check is made for all headers in any serialized message + at serialization time. This provides protection against header + injection attacks. + - Issue #7858: Raise an error properly when os.utime() fails under Windows on an existing file. |