mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-23 09:19:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
cpython/Lib
History
Miss Islington (bot) 2cdbd3b8b2
bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27973) 
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.

The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.

In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.

Here's a minimal example:

    $ python
    Python 3.9.6 (default, Jun 30 2021, 10:22:16)
    [GCC 11.1.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import email.utils
    >>> email.utils.parsedate('foo')
    >>> email.utils.parsedate(' ')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
        t = parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
        res = _parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
        if data[0].endswith(',') or data[0].lower() in _daynames:
    IndexError: list index out of range

The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit 989f6a3800)

Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
2021-08-26 17:48:20 +02:00
..
asyncio [3.9] bpo-44815: Always show deprecation in asyncio.gather/sleep() (GH-27569) 2021-08-18 20:47:55 +02:00
collections bpo-43102: Set namedtuple __new__'s internal builtins to a dict. (GH-24439) (GH-24452) 2021-02-04 16:12:34 -08:00
concurrent bpo-35930: Raising an exception raised in a "future" instance will create reference cycles (GH-24995) (#25070) 2021-03-29 19:53:54 +02:00
ctypes [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
curses
dbm
distutils [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
email bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27973) 2021-08-26 17:48:20 +02:00
encodings bpo-30566: Fix IndexError when using punycode codec (GH-18632) 2020-02-25 06:19:03 +03:00
ensurepip [3.9] Upgrade bundled pip and setuptools (GH-27625) (GH-27658) 2021-08-09 16:46:15 +02:00
html bpo-41748: Handles unquoted attributes with commas (GH-24072) 2021-02-01 12:54:43 -08:00
http [3.9] bpo-42853: Fix http.client fails to download >2GiB data over TLS (GH-27405) 2021-07-28 15:27:49 +02:00
idlelib [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
importlib bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules (GH-26025) 2021-05-10 23:45:50 +01:00
json bpo-39828: Fix json.tool to catch BrokenPipeError (GH-18779) 2020-03-10 08:41:44 +01:00
lib2to3 make lib2to3 parse async generators everywhere (GH-6588) (GH-27703) 2021-08-10 11:56:50 +02:00
logging bpo-44753: Don't use logfile extension when determining old files to be deleted (GH-27475) (GH-27486) 2021-07-30 17:20:24 +01:00
msilib Remove binding of captured exceptions when not used to reduce the chances of creating cycles (GH-17246) 2019-11-19 21:34:03 +00:00
multiprocessing bpo-38840: Incorrect __all__ in multiprocessing.managers (GH-18034) (GH-27684) 2021-08-09 19:31:10 +02:00
pydoc_data Python 3.9.6 2021-06-28 10:26:18 +02:00
site-packages
sqlite3 [3.9] bpo-27334: roll back transaction if sqlite3 context manager fails to commit (GH-26202) (GH-27944) 2021-08-25 20:02:25 +01:00
test bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27973) 2021-08-26 17:48:20 +02:00
tkinter [3.9] bpo-43655: Tkinter and IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window (GH-25187). (GH-25588) 2021-04-25 13:49:31 +03:00
turtledemo bpo-44254: On Mac, remove disfunctional colors from turtledemo buttons (GH-26448) 2021-05-29 04:16:34 -04:00
unittest bpo-44955: Always call stopTestRun() for implicitly created TestResult objects (GH-27831) (GH-27882) 2021-08-22 21:15:10 +03:00
urllib [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
venv bpo-38972: Fix typos in PowerShell Execution Policies links (GH-20383) 2020-05-25 08:13:49 -07:00
wsgiref
xml [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
xmlrpc [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
zoneinfo [3.9] fix typo in warning (GH-20620) (#25601) 2021-04-25 12:25:51 -07:00
__future__.py bpo-41314: fixed annotations __future__ version (GH-21616) 2020-07-25 15:00:48 -07:00
__phello__.foo.py
_aix_support.py bpo-43666: Lib/_aix_support.py routines may fail in a WPAR environment (GH-25095) (#25880) 2021-05-04 11:00:47 +02:00
_bootlocale.py
_bootsubprocess.py bpo-40094: Add os.waitstatus_to_exitcode() (GH-19201) 2020-04-01 18:49:29 +02:00
_collections_abc.py bpo-44704: Make Set._hash consistent with frozenset.__hash__ (GH-27281) (GH-27283) 2021-07-21 19:23:38 -05:00
_compat_pickle.py
_compression.py
_markupbase.py
_osx_support.py [3.9] bpo-41100: Support macOS 11 and Apple Silicon (GH-22855) (GH-23295) 2020-11-22 11:18:40 +01:00
_py_abc.py
_pydecimal.py bpo-39794: Add --without-decimal-contextvar (#18702) 2020-02-29 19:43:42 +01:00
_pyio.py bpo-39674: Revert "bpo-37330: open() no longer accept 'U' in file mode (GH-16959)" (GH-18767) 2020-03-04 18:50:22 +01:00
_sitebuiltins.py
_strptime.py bpo-43295: Fix error handling of datetime.strptime format string '%z' (GH-24627) (#25695) 2021-05-19 20:37:49 -04:00
_threading_local.py
_weakrefset.py bpo-39481: Make weakref and WeakSet generic (GH-19497) 2020-04-13 21:54:40 -07:00
abc.py Clarify the order of a stacked abstractmethod (GH-26892) 2021-06-27 11:50:45 -07:00
aifc.py
antigravity.py bpo-9216: Nobody expects the geohashing FIPS inquisition (GH-19520) 2020-04-14 12:49:11 -07:00
argparse.py [3.9] bpo-38956: don't print BooleanOptionalAction's default twice (GH-27672) (GH-27788) 2021-08-17 11:17:00 +02:00
ast.py Fix typo in ast.py (GH-25740) (GH-25894) 2021-05-04 06:39:08 -07:00
asynchat.py Remove binding of captured exceptions when not used to reduce the chances of creating cycles (GH-17246) 2019-11-19 21:34:03 +00:00
asyncore.py
base64.py bpo-39068: Fix race condition in base64 (GH-17627) 2021-01-01 12:42:44 -08:00
bdb.py fix docstring typo in bdb.py (GH-22323) (#26180) 2021-05-17 00:43:26 +01:00
binhex.py [3.9] bpo-29566: binhex.binhex now consitently writes MacOS 9 line endings. (GH-23059) (GH-23071) 2020-11-01 01:39:26 -08:00
bisect.py bpo-38626: Add comment explaining why __lt__ is used. (GH-16978) 2019-10-28 21:38:50 -07:00
bz2.py bpo-44439: BZ2File.write()/LZMAFile.write() handle length correctly (GH-26846) 2021-06-22 16:57:41 +03:00
calendar.py
cgi.py [3.9] bpo-42967: only use '&' as a query string separator (GH-24297) (#24528) 2021-02-15 10:03:31 -08:00
cgitb.py
chunk.py
cmd.py
code.py Fix documentation in code.py (GH-17988) 2020-01-15 01:17:25 +05:30
codecs.py bpo-14014: Clarify StreamWriter.reset() documentation (GH-13716) 2021-01-06 04:27:30 +02:00
codeop.py [3.9] bpo-41520: Fix second codeop regression (GH-21848) 2020-08-13 14:21:32 -04:00
colorsys.py
compileall.py [3.9] bpo-34990: Treat the pyc header's mtime in compileall as an unsigned int (GH-19708) 2021-08-24 11:07:31 -04:00
configparser.py bpo-41963: document that ConfigParser strips off comments (GH-26197) (GH-26213) 2021-05-18 18:44:48 +02:00
contextlib.py [3.9] bpo-44566: resolve differences between asynccontextmanager and contextmanager (GH-27024). (#27269) 2021-07-20 21:12:58 +02:00
contextvars.py
copy.py bpo-38293: Allow shallow and deep copying of property objects (GH-16438) 2020-01-12 09:41:49 -08:00
copyreg.py [3.9] bpo-41052: Fix pickling heap types implemented in C with protocols 0 and 1 (GH-22870). (GH-22963) 2020-10-25 17:56:17 +02:00
cProfile.py bpo-42005: profile and cProfile catch BrokenPipeError (GH-22643) 2021-01-20 01:19:08 -08:00
crypt.py closes bpo-38402: Check error of primitive crypt/crypt_r. (GH-16599) 2019-10-07 21:22:17 -07:00
csv.py
dataclasses.py Fix dataclass comment typo _eq__ -> __eq__ (GH-26433) (GH-26437) 2021-05-28 21:07:39 -04:00
datetime.py Fix typo (GH-23019) 2021-02-03 13:48:22 -08:00
decimal.py
difflib.py bpo-40394 - difflib.SequenceMatched.find_longest_match default args (GH-19742) 2020-04-29 22:42:45 -05:00
dis.py bpo-41497: Fix potential UnicodeDecodeError in dis CLI (GH-21757) 2020-08-07 20:24:12 -07:00
doctest.py bpo-1812: Fix newline conversion when doctest.testfile loads from a package whose loader has a get_data method (GH-17385) 2020-03-26 10:53:16 -05:00
enum.py [Enum] improve pickle support (#26666) 2021-06-11 01:26:32 -07:00
filecmp.py bpo-42958: Improve description of shallow= in filecmp.cmp docs (GH-27166) (GH-27608) 2021-08-04 22:09:45 +02:00
fileinput.py bpo-39481: PEP 585 for difflib, filecmp, fileinput (#19422) 2020-04-09 21:47:31 -07:00
fnmatch.py bpo-36769: Document that fnmatch.filter supports any kind of iterable (GH-13039) 2020-12-18 11:34:27 -08:00
formatter.py
fractions.py bpo-39350: Fix fractions for int subclasses (GH-18375) 2020-02-07 23:42:51 +01:00
ftplib.py bpo-43285 Make ftplib not trust the PASV response. (GH-24838) 2021-03-15 12:02:45 -07:00
functools.py bpo-44605: Teach @total_ordering() to work with metaclasses (GH-27633) (GH-27641) 2021-08-06 14:57:52 -05:00
genericpath.py bpo-38807: Add os.PathLike to exception message raised by _check_arg_types (#17160) 2019-11-18 21:54:00 -08:00
getopt.py
getpass.py update docstring for win_getpass to reflect code changes (GH-24967) 2021-05-04 00:10:32 -07:00
gettext.py bpo-40275: Import locale module lazily in gettext (GH-19905) 2020-05-14 03:22:30 +02:00
glob.py [3.9] bpo-44482: Fix very unlikely resource leak in glob in non-CPython implementations (GH-26843). (GH-26916) 2021-06-27 14:28:24 +03:00
graphlib.py [doc] Fix typo in the graphlib docs (GH-22661) (GH-22669) 2020-10-12 21:27:05 +01:00
gzip.py [3.9] Fix typo in comment (GH-26162) (GH-26165) 2021-05-16 11:08:10 -07:00
hashlib.py [3.9] Improve blake2 comment for Victor (GH-20981) (GH-20982) 2020-07-28 12:29:46 -07:00
heapq.py
hmac.py [3.9] bpo-40791: Use CRYPTO_memcmp() for compare_digest (GH-20456) (GH-20461) 2020-05-28 05:09:38 -07:00
imaplib.py bpo-40375: Implement imaplib.IMAP4.unselect (GH-19712) 2020-04-27 23:52:55 +09:00
imghdr.py [3.9] bpo-41043: Escape literal part of the path for glob(). (GH-20994). (GH-21275) 2020-07-02 10:05:16 +03:00
imp.py bpo-39674: Revert "bpo-37330: open() no longer accept 'U' in file mode (GH-16959)" (GH-18767) 2020-03-04 18:50:22 +01:00
inspect.py bpo-40897:Give priority to using the current class constructor in inspect.signature (GH-27177) (GH-27209) 2021-07-17 10:36:31 +02:00
io.py
ipaddress.py bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (GH-25815) 2021-05-02 15:49:03 +02:00
keyword.py [3.9] Include soft keywords in keyword.py (GH-20877). (GH-20880) 2020-06-15 04:31:05 +01:00
linecache.py issue-25872: Fix KeyError using linecache from multiple threads (GH-18007) 2020-05-13 18:41:57 -04:00
locale.py bpo-38536: locale: Remove trailing space in formatted currency (GH-16864) 2020-01-20 12:45:50 +09:00
lzma.py bpo-44439: BZ2File.write()/LZMAFile.write() handle length correctly (GH-26846) 2021-06-22 16:57:41 +03:00
mailbox.py bpo-39481: PEP 585 for dataclasses, mailbox, contextvars (GH-19425) 2020-04-14 16:14:15 -07:00
mailcap.py bpo-40094: mailcap.test() uses waitstatus_to_exitcode() (GH-19287) 2020-04-02 02:00:06 +02:00
mimetypes.py bpo-41048: mimetypes should read the rule file using UTF-8, not the locale encoding (GH-20998) 2020-06-29 05:07:31 -07:00
modulefinder.py bpo-40443: Remove unused imports in the stdlib (GH-19803) 2020-04-30 11:26:33 +02:00
netrc.py
nntplib.py bpo-39305: Update nntplib to merge nntplib.NNTP and nntplib._NNTPBase (GH-19817) 2020-05-16 19:31:54 +09:00
ntpath.py bpo-38453: Ensure ntpath.realpath correctly resolves relative paths (GH-16967) 2019-11-15 09:49:21 -08:00
nturl2path.py bpo-43607: Fix urllib handling of Windows paths with \\?\ prefix (GH-25539) 2021-04-23 10:28:05 -07:00
numbers.py bpo-44072: fix Complex, Integral docs for ** (GH-25986) 2021-05-14 15:25:43 -07:00
opcode.py bpo-39320: Handle unpacking of **values in compiler (GH-18141) 2020-01-27 09:57:45 +00:00
operator.py [3.9] bpo-44558: Match countOf is/== treatment to c (GH-27007). (GH-27055) 2021-07-07 23:55:22 +09:00
optparse.py
os.py bpo-39481: Implementation for PEP 585 (#18239) 2020-04-07 09:50:06 -07:00
pathlib.py bpo-27827: identify a greater range of reserved filename on Windows. (GH-26698) (#27422) 2021-07-28 17:15:51 +02:00
pdb.py [3.9] bpo-44461: Check early that a pdb target is valid for execution. (GH-27227) (GH-27400) 2021-07-28 18:48:52 -04:00
pickle.py bpo-42406: Fix whichmodule() with multiprocessing (GH-23403) 2020-11-29 10:47:31 -08:00
pickletools.py
pipes.py
pkgutil.py bpo-44061: Fix pkgutil.iter_modules regression when passed a pathlib.Path object (GH-25964) (GH-26052) 2021-05-12 11:48:50 +02:00
platform.py bpo-44572: On Windows, disconnect STDIN in platform._syscmd_ver() to prevent erroneous STDIN consumption (GH-27092) 2021-07-14 17:17:18 +01:00
plistlib.py bpo-42249: Fix writing binary Plist files larger than 4 GiB. (GH-23121) 2020-11-03 13:32:59 -08:00
poplib.py bpo-39259: poplib now rejects timeout = 0 (GH-17912) 2020-01-10 15:34:05 +01:00
posixpath.py bpo-26329: update os.path.normpath documentation (GH-20138) (#27095) 2021-07-12 17:22:33 +02:00
pprint.py
profile.py bpo-42005: profile and cProfile catch BrokenPipeError (GH-22643) 2021-01-20 01:19:08 -08:00
pstats.py bpo-41811: create SortKey members using first given value (GH-22316) (GH-22325) 2020-09-19 12:56:13 -07:00
pty.py bpo-39184: Add audit events to command execution functions in os and pty modules (GH-17824) 2020-02-05 11:15:00 +11:00
py_compile.py bpo-38731: Fix NameError in command-line interface of py_compile (GH-21617) 2020-07-25 23:43:47 +03:00
pyclbr.py
pydoc.py [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
queue.py bpo-39481: PEP 585 for a variety of modules (GH-19423) 2020-04-10 07:46:36 -07:00
quopri.py
random.py bpo-44018: random.seed() no longer mutates its inputs (GH-25856) (GH-25864) 2021-05-03 16:36:14 -07:00
re.py bpo-40016: re docstring: Clarify relationship of inline and argument flags (#19078) 2020-03-25 14:44:47 -04:00
reprlib.py
rlcompleter.py bpo-44752: refactor part of rlcompleter.Completer.attr_matches (GH-27433) (GH-27446) 2021-07-29 17:46:07 +02:00
runpy.py bpo-40108: Improve the error message in runpy when importing a module that includes the extension (GH-19239) 2020-03-31 12:23:55 +01:00
sched.py
secrets.py bpo-40286: Add randbytes() method to random.Random (GH-19527) 2020-04-17 19:05:35 +02:00
selectors.py bpo-41182 selector: use DefaultSelector based upon implementation (GH-21257) 2020-07-26 08:32:25 -07:00
shelve.py
shlex.py bpo-33262: Deprecate passing None for s to shlex.split() (GH-6514) 2020-04-01 09:58:55 -04:00
shutil.py [3.9] bpo-43219: shutil.copyfile, raise a less confusing exception instead of IsADirectoryError (GH-27049) (GH-27082) 2021-07-09 21:13:59 -07:00
signal.py
site.py bpo-41193: Ignore OSError in readline write_history() (GH-21279) 2020-07-02 04:02:16 -07:00
smtpd.py bpo-35800: Deprecate smtpd.MailmanProxy (GH-11675) 2019-10-12 10:24:26 -07:00
smtplib.py Quick pydoc update to smtplib.py (GH-22292) (GH-25615) 2021-04-25 21:03:54 -07:00
sndhdr.py [3.9] bpo-41043: Escape literal part of the path for glob(). (GH-20994). (GH-21275) 2020-07-02 10:05:16 +03:00
socket.py Fix host in address of socket.create_server example. (GH-17706) 2020-01-11 10:46:30 +05:30
socketserver.py [3.9] bpo-37193: Remove thread objects which finished process its request (GH-23127) (GH-24750) 2021-03-04 08:36:41 -08:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py bpo-40443: Remove unused imports in stdlib (GH-19815) 2020-05-01 02:38:00 +02:00
stat.py bpo-38109: Add missing constants to Lib/stat.py (GH-16665) 2019-10-10 09:34:46 +02:00
statistics.py Some reformatting (suggested by Black) and minor factoring. (GH-20865) (GH-20866) 2020-06-13 19:53:32 -07:00
string.py bpo-38208: Simplify string.Template by using __init_subclass__(). (GH-16256) 2019-10-21 09:36:21 +03:00
stringprep.py
struct.py
subprocess.py [3.9] bpo-43776: Remove list call from args in Popen repr (GH-25338) (GH-26510) 2021-06-02 21:15:26 -07:00
sunau.py
symbol.py bpo-40759: Deprecate the symbol module (GH-20364) 2020-05-31 15:23:29 -07:00
symtable.py [3.9] bpo-41840: Report module-level globals as both local and global in the symtable module (GH-22391). (GH-22528) 2020-10-03 21:23:03 +01:00
sysconfig.py bpo-42504: Ensure that get_config_var('MACOSX_DEPLOYMENT_TARGET') is a string (GH-24341) (GH-24410) 2021-01-31 23:22:48 -05:00
tabnanny.py
tarfile.py bpo-12800: tarfile: Restore fix from 011525ee9 (GH-21409) 2020-11-25 01:52:51 -08:00
telnetlib.py
tempfile.py bpo-41410: Fix outdated info in mkstemp docs (GH-21701) 2020-08-13 18:53:43 -07:00
textwrap.py
this.py
threading.py bpo-44422: Fix threading.enumerate() reentrant call (GH-26727) (GH-26738) 2021-06-15 18:30:26 +02:00
timeit.py bpo-40419: timeit CLI docs now mention 1,2,5,10,... trials instead of powers of 10 (GH-19752) 2020-05-02 19:12:05 +03:00
token.py
tokenize.py bpo-44667: Treat correctly lines ending with comments and no newlines in the Python tokenizer (GH-27499) (GH-27501) 2021-08-02 11:44:01 +02:00
trace.py bpo-41138: Fix trace CLI for non-UTF-8 files. (GH-21177) 2020-06-28 03:52:26 -07:00
traceback.py [3.9] bpo-43048: RecursionError traceback RecursionError bugfix for cpy3.9 (GH-24460) (#24460) 2021-07-12 17:58:47 +02:00
tracemalloc.py bpo-37961: Fix regression in tracemalloc.Traceback.__repr__ (GH-23805) 2020-12-16 14:01:14 -08:00
tty.py
turtle.py [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
types.py bpo-39481: Implementation for PEP 585 (#18239) 2020-04-07 09:50:06 -07:00
typing.py bpo-44806: Fix __init__ in subclasses of protocols (GH-27545) (GH-27559) 2021-08-02 18:52:16 +02:00
uu.py bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (#17418) 2019-12-02 14:25:21 -08:00
uuid.py bpo-41364: Reduce import overhead of uuid module (GH-21586) 2020-07-21 17:09:32 -07:00
warnings.py bpo-39056: Fix handling invalid warning category in the -W option. (GH-17618) 2020-01-05 14:15:27 +02:00
wave.py Fix a typo in wave module docstring (GH-17009) 2019-11-04 22:32:10 -06:00
weakref.py [3.9] Update URLs in comments and metadata to use HTTPS (GH-27458) (GH-27480) 2021-07-30 16:34:04 +02:00
webbrowser.py bpo-41754: Ignore NotADirectoryError in invocation of xdg-settings (GH-23075) 2020-11-08 02:07:44 -08:00
xdrlib.py
zipapp.py
zipfile.py bpo-40105: ZipFile truncate in append mode with shorter comment (GH-19337) 2020-09-28 13:18:47 -07:00
zipimport.py [3.9] bpo-40924: Revert "bpo-39791 native hooks for importlib.resources.files (GH-20576)" (#20760) 2020-06-09 19:50:01 +02:00