mirror of
https://github.com/python/cpython.git
synced 2025-12-23 09:19:18 +00:00
2cdbd3b8b2
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.
The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.
In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.
Here's a minimal example:
$ python
Python 3.9.6 (default, Jun 30 2021, 10:22:16)
[GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import email.utils
>>> email.utils.parsedate('foo')
>>> email.utils.parsedate(' ')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
t = parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
res = _parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
if data[0].endswith(',') or data[0].lower() in _daynames:
IndexError: list index out of range
The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| NEWS.d | ||
| ACKS | ||
| coverity_model.c | ||
| gdbinit | ||
| HISTORY | ||
| indent.pro | ||
| Porting | ||
| python-config.in | ||
| python-config.sh.in | ||
| python-embed.pc.in | ||
| python-wing3.wpr | ||
| python-wing4.wpr | ||
| python-wing5.wpr | ||
| python.man | ||
| python.pc.in | ||
| README | ||
| README.AIX | ||
| README.coverity | ||
| README.valgrind | ||
| requirements-test.txt | ||
| SpecialBuilds.txt | ||
| svnmap.txt | ||
| valgrind-python.supp | ||
| vgrindefs | ||
Python Misc subdirectory
========================
This directory contains files that wouldn't fit in elsewhere. Some
documents are only of historic importance.
Files found here
----------------
ACKS Acknowledgements
gdbinit Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY News from previous releases -- oldest last
indent.pro GNU indent profile approximating my C style
NEWS News for this release (for some meaning of "this")
Porting Mini-FAQ on porting to new platforms
python-config.in Python script template for python-config
python.man UNIX man page for the python interpreter
python.pc.in Package configuration info template for pkg-config
python-wing*.wpr Wing IDE project file
README The file you're reading now
README.AIX Information about using Python on AIX
README.coverity Information about running Coverity's Prevent on Python
README.valgrind Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt Describes extra symbols you can set for debug builds
svnmap.txt Map of old SVN revs and branches to hg changeset ids,
help history-digging
valgrind-python.supp Valgrind suppression file, see README.valgrind
vgrindefs Python configuration for vgrind (a generic pretty printer)