| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-27946)
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.
The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.
In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.
Here's a minimal example:
$ python
Python 3.9.6 (default, Jun 30 2021, 10:22:16)
[GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import email.utils
>>> email.utils.parsedate('foo')
>>> email.utils.parsedate(' ')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
t = parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
res = _parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
if data[0].endswith(',') or data[0].lower() in _daynames:
IndexError: list index out of range
The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac)
Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-27242)
getaddresses() should be able to handle a Header object if passed
one.
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 89f4c34797de2f0e5045da2b97c1c8cbbb42fbb2)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| | |
|
| |
|
|
| |
email/base64mime.py::body_encode (GH-24476)
|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-18074)
This PR replaces #1977. The reason for the replacement is two-fold.
The fix itself is different is that if the CTE header doesn't exist in the original message, it is inserted. This is important because the new CTE could be quoted-printable whereas the original is implicit 8bit.
Also the tests are different. The test_nonascii_as_string_without_cte test in #1977 doesn't actually test the issue in that it passes without the fix. The test_nonascii_as_string_without_content_type_and_cte test is improved here, and even though it doesn't fail without the fix, it is included for completeness.
Automerge-Triggered-By: @warsaw
|
| | |
|
| | |
|
| |
|
|
|
| |
* bpo-39793: use same domain on make_msgid tests
* apply suggestions
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix typos in comments, docs and test names
* Update test_pyparse.py
account for change in string length
* Apply suggestion: splitable -> splittable
Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>
* Apply suggestion: splitable -> splittable
Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>
* Apply suggestion: Dealloccte -> Deallocate
Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>
* Update posixmodule checksum.
* Reverse idlelib changes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before:
>>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
(Address(display_name='', username='a', domain='malicious.org'),)
>>> parseaddr('a@malicious.org@important.com')
('', 'a@malicious.org')
After:
>>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
(Address(display_name='', username='', domain=''),)
>>> parseaddr('a@malicious.org@important.com')
('', 'a@')
https://bugs.python.org/issue34155
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-30835: email: Fix AttributeError when parsing invalid Content-Transfer-Encoding
Parsing an email containing a multipart Content-Type, along with a
Content-Transfer-Encoding containing an invalid (non-ASCII-decodable) byte
will fail. email.feedparser.FeedParser._parsegen() gets the header and
attempts to convert it to lowercase before comparing it with the accepted
encodings, but as the header contains an invalid byte, it's returned as a
Header object rather than a str.
Cast the Content-Transfer-Encoding header to a str to avoid this.
Found using the AFL fuzzer.
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <andrew@donnellan.id.au>
* Add email and NEWS entry for the bugfix.
|
| | |
|
| |
|
|
|
|
| |
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
|
| |\ |
|
| | |
| |
| |
| | |
Patch by Dillon Brock.
|
| | |
| |
| |
| |
| | |
This is a further restoration of backward compatibility, as well as
being correct per the RFCs.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Patch by Claude Paroz.
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Original patch by Martin Panter, new policy fixes by me.
|
| | |
| |
| |
| | |
Patch by Berker Peksag.
|
| | | |
|
| |\ \
| |/ |
|
| | | |
|
| |/ |
|
| |\
| |
| |
| | |
Use time.monotonic instead of time.clock.
|
| | |
| |
| |
| | |
Use time.monotonic or time.time instead of time.clock.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
This changes the main documentation, doc strings, source code comments, and a
couple error messages in the test suite. In some cases the word was removed
or edited some other way to fix the grammar.
|
| |\ \
| |/
| |
| | |
email.utils.make_msgid() to strengthen the uniqueness of the message ID.
|
| | |
| |
| |
| | |
email.utils.make_msgid() to strengthen the uniqueness of the message ID.
|
| | |
| |
| |
| | |
Patch by Abhilash Raj.
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Patch by Cory Benfield.
|
| |/
|
|
|
|
| |
email.charset.Charset instances.
Initial patch by Claude Paroz.
|
| | |
|
| |
|
|
|
|
| |
long line.
Original patch by Raymond Hettinger.
|
| |
|
|
| |
This makes the behavior match that of Parser. Patch by Vajrasky Kok.
|
| |
|
|
| |
Original patch by Varun Sharma.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is more RFC compliant (see issue) and fixes a problem with
signature verifiers rejecting the part when signed. There is some
amount of backward compatibility concern here since it changes
the output, but the RFC issue coupled with fixing the problem
with signature verifiers seems worth the small risk of breaking
code that depends on the current incorrect output.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a bit of an ugly hack because of the way generator pieces together the
output message. The deepcopys aren't too expensive, though, because we know it
is only called on messages that are not multiparts, and the payload (the thing
that could be large) is an immutable object.
Test and preliminary work on patch by Vajrasky Kok.
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
This fixes a regression relative to python2.
|
| | |
| |
| |
| |
| | |
So passing unicode to set_payload works again (but still doesn't
do what you want when the message is serialized).
|
