bpo-30835: email: Fix AttributeError when parsing invalid CTE (GH-13598)

* bpo-30835: email: Fix AttributeError when parsing invalid Content-Transfer-Encoding Parsing an email containing a multipart Content-Type, along with a Content-Transfer-Encoding containing an invalid (non-ASCII-decodable) byte will fail. email.feedparser.FeedParser._parsegen() gets the header and attempts to convert it to lowercase before comparing it with the accepted encodings, but as the header contains an invalid byte, it's returned as a Header object rather than a str. Cast the Content-Transfer-Encoding header to a str to avoid this. Found using the AFL fuzzer. Reported-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Andrew Donnellan <andrew@donnellan.id.au> * Add email and NEWS entry for the bugfix.
2025-12-04 00:30:19 +00:00 · 2019-06-04 14:00:47 -04:00 · 2019-06-04 14:00:47 -04:00 · aa79707262
commit aa79707262
parent 46d88a1131
3 changed files with 13 additions and 1 deletions
--- a/Lib/email/feedparser.py
+++ b/Lib/email/feedparser.py
@ -320,7 +320,7 @@ class FeedParser:
                self._cur.set_payload(EMPTYSTRING.join(lines))
                return
            # Make sure a valid content type was specified per RFC 2045:6.4.
-            if (self._cur.get('content-transfer-encoding', '8bit').lower()
+            if (str(self._cur.get('content-transfer-encoding', '8bit')).lower()
                    not in ('7bit', '8bit', 'binary')):
                defect = errors.InvalidMultipartContentTransferEncodingDefect()
                self.policy.handle_defect(self._cur, defect)