mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-25 01:43:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 14
cpython/Lib
History
wouter bolsterlee 989f6a3800
bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.

The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.

In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.

Here's a minimal example:

    $ python
    Python 3.9.6 (default, Jun 30 2021, 10:22:16)
    [GCC 11.1.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import email.utils
    >>> email.utils.parsedate('foo')
    >>> email.utils.parsedate(' ')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
        t = parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
        res = _parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
        if data[0].endswith(',') or data[0].lower() in _daynames:
    IndexError: list index out of range

The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
2021-08-26 16:49:03 +02:00
..
asyncio Trivial typo in docstring 2021-07-31 06:36:10 +02:00
collections bpo-27275: Change popitem() and pop() methods of collections.OrderedDict (GH-27530) 2021-08-03 13:00:55 +02:00
concurrent Use from imports (GH-26594) 2021-06-08 06:47:15 -03:00
ctypes Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
curses
dbm
distutils bpo-44781: make distutils test suppress deprecation warning from import distutils (GH-27485) 2021-08-02 11:34:55 +02:00
email bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 2021-08-26 16:49:03 +02:00
encodings
ensurepip Upgrade bundled pip and setuptools (#27625) 2021-08-06 20:22:48 +02:00
html
http Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
idlelib Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
importlib bpo-43392: Optimize repeated calls to __import__() (GH-24735) 2021-08-12 11:23:29 -07:00
json
lib2to3 make lib2to3 parse async generators everywhere (GH-6588) 2021-08-10 11:31:32 +02:00
logging bpo-44291: Fix reconnection in logging.handlers.SysLogHandler (GH-26490) 2021-08-05 14:58:16 +01:00
msilib
multiprocessing bpo-38840: Incorrect __all__ in multiprocessing.managers (GH-18034) 2021-08-09 18:44:55 +02:00
pydoc_data
site-packages
sqlite3 bpo-27334: roll back transaction if sqlite3 context manager fails to commit (GH-26202) 2021-08-25 11:59:42 +01:00
test bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 2021-08-26 16:49:03 +02:00
tkinter bpo-44404: tkinter after support callable classes (GH-26812) 2021-06-23 13:30:24 +03:00
turtledemo bpo-44254: On Mac, remove disfunctional colors from turtledemo buttons (GH-26448) 2021-05-29 03:19:50 -04:00
unittest bpo-41322: Add unit tests for deprecation of test return values (GH-27846) 2021-08-22 21:32:45 +03:00
urllib Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
venv bpo-43749: Ensure current exe is copied when using venv on windows (GH-25216) 2021-05-19 02:37:17 -07:00
wsgiref
xml Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
xmlrpc Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
zoneinfo fix typo in warning (#20620) 2021-04-25 10:45:05 -07:00
__future__.py Set the release for __future__.annotations to 3.11 (#25596) 2021-04-25 17:09:24 +01:00
__phello__.foo.py
_aix_support.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
_bootsubprocess.py
_collections_abc.py bpo-44801: Check arguments in substitution of ParamSpec in Callable (GH-27585) 2021-08-04 20:07:01 +02:00
_compat_pickle.py
_compression.py bpo-41486: Faster bz2/lzma/zlib via new output buffering (GH-21740) 2021-04-27 23:58:54 -07:00
_markupbase.py
_osx_support.py bpo-43425: Update _osx_support not to use distutils.log (GH-26968) 2021-07-01 09:35:10 +09:00
_py_abc.py
_pydecimal.py Remove unnecessary test for xc == 1 in _pydecimal (GH-27102) 2021-07-15 12:48:46 +02:00
_pyio.py
_sitebuiltins.py
_strptime.py
_threading_local.py
_weakrefset.py
abc.py Clarify the order of a stacked abstractmethod (GH-26892) 2021-06-27 21:02:23 +03:00
aifc.py bpo-30077: Add support for Apple aifc/sowt pseudo-compression (GH-24449) 2021-08-13 13:31:25 +02:00
antigravity.py
argparse.py bpo-38956: don't print BooleanOptionalAction's default twice (GH-27672) 2021-08-16 23:42:21 +02:00
ast.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
asynchat.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
asyncore.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
base64.py bpo-44690: Adopt binacii.a2b_base64's strict mode in base64.b64decode (GH-27272) 2021-08-23 16:44:28 -07:00
bdb.py fix docstring typo in bdb.py (GH-22323) 2021-05-17 00:20:33 +01:00
binhex.py
bisect.py
bz2.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
calendar.py
cgi.py bpo-41139: Deprecate cgi.log() (GH-25625) 2021-04-29 11:36:04 +09:00
cgitb.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
chunk.py
cmd.py
code.py
codecs.py
codeop.py
colorsys.py Improve consistency of colorsys.rgb_to_hsv (GH-27277) 2021-07-23 09:59:30 -03:00
compileall.py bpo-34990: Treat the pyc header's mtime in compileall as an unsigned int (GH-19708) 2021-08-24 12:13:32 +03:00
configparser.py bpo-38741: Definition of multiple ']' in header configparser (GH-17129) 2021-07-13 15:54:06 +02:00
contextlib.py bpo-44566: resolve differences between asynccontextmanager and contextmanager (#27024) 2021-07-20 20:15:07 +02:00
contextvars.py
copy.py
copyreg.py bpo-44676: Serialize the union type using only public API (GH-27323) 2021-07-24 21:26:02 +03:00
cProfile.py
crypt.py
csv.py bpo-43625: Enhance csv sniffer has_headers() to be more accurate (GH-26939) 2021-07-30 19:10:37 +02:00
dataclasses.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
datetime.py
decimal.py
difflib.py
dis.py bpo-43950: include position in dis.Instruction (GH-27015) 2021-07-04 12:05:05 -07:00
doctest.py bpo-35753: Fix crash in doctest with unwrap-able functions (#22981) 2021-05-05 19:33:17 +02:00
enum.py bpo-44929: [Enum] Fix global repr (GH-27789) 2021-08-25 07:24:32 -07:00
filecmp.py bpo-42958: Improve description of shallow= in filecmp.cmp docs (GH-27166) 2021-08-04 21:39:45 +02:00
fileinput.py bpo-43651: Fix EncodingWarning in fileinput and its test (GH-25648) 2021-04-27 15:47:16 +09:00
fnmatch.py bpo-42799: fnmatch module: bump up size of lru_cache for patterns (GH-27084) 2021-07-15 12:53:26 +02:00
fractions.py bpo-44258: support PEP 515 for Fraction's initialization from string (GH-26422) 2021-06-07 08:06:33 +01:00
ftplib.py
functools.py bpo-44605: Teach @total_ordering() to work with metaclasses (GH-27633) 2021-08-06 14:33:30 -05:00
genericpath.py
getopt.py
getpass.py update docstring for win_getpass to reflect code changes (GH-24967) 2021-05-03 23:48:29 -07:00
gettext.py bpo-44235: Remove deprecated functions in the gettext module. (GH-26378) 2021-05-30 10:29:45 +09:00
glob.py bpo-44482: Fix very unlikely resource leak in glob in non-CPython implementations (GH-26843) 2021-06-23 12:53:37 +03:00
graphlib.py
gzip.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
hashlib.py
heapq.py
hmac.py
imaplib.py bpo-44045: fix spelling of uppercase vs upper-case (GH-25985) 2021-05-28 17:54:25 -03:00
imghdr.py bpo-44539: Support recognizing JPEG files without JFIF or Exif markers (GH-26964) 2021-07-20 20:56:57 +02:00
imp.py
inspect.py bpo-44648: Fix error type in inspect.getsource() in interactive session (GH-27171) 2021-07-30 19:17:46 +02:00
io.py
ipaddress.py bpo-33433 Fix private address checking for IPv4 mapped IPv6. (GH-26172) 2021-05-17 00:52:36 -07:00
keyword.py
linecache.py
locale.py
lzma.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
mailbox.py
mailcap.py
mimetypes.py bpo-44582: Accelerate mimetypes.init on Windows with a native accelerator (GH-27059) 2021-07-08 16:48:42 +01:00
modulefinder.py
netrc.py bpo-43733: netrc try to use UTF-8 before using locale encoding. (GH-25781) 2021-05-02 14:01:02 +09:00
nntplib.py
ntpath.py bpo-43757: Make pathlib use os.path.realpath() to resolve symlinks in a path (GH-25264) 2021-04-28 16:50:17 +01:00
nturl2path.py bpo-43607: Fix urllib handling of Windows paths with \\?\ prefix (GH-25539) 2021-04-23 18:02:47 +01:00
numbers.py bpo-44072: fix Complex, Integral docs for ** (GH-25986) 2021-05-14 18:01:48 -04:00
opcode.py bpo-44889: Specialize LOAD_METHOD with PEP 659 adaptive interpreter (GH-27722) 2021-08-17 15:55:55 +01:00
operator.py bpo-44558: Match countOf is/== treatment to c (GH-27007) 2021-07-07 22:28:09 +09:00
optparse.py
os.py bpo-42053: Remove misleading check in os.fwalk() (GH-27669) 2021-08-08 21:04:02 +03:00
pathlib.py bpo-27827: identify a greater range of reserved filename on Windows. (GH-26698) 2021-07-28 16:28:14 +02:00
pdb.py bpo-44682: Handle invalid arg to pdb's "commands" directive (#27252) 2021-07-28 18:55:03 +02:00
pickle.py bpo-43907: add missing memoize call in pure python pickling of bytearray (GH-25501) 2021-04-23 23:27:14 +02:00
pickletools.py
pipes.py Change type check to isinstance in pipes (GH-27291) 2021-07-28 15:38:06 +02:00
pkgutil.py bpo-44061: Fix pkgutil.iter_modules regression when passed a pathlib.Path object (GH-25964) 2021-05-12 00:27:22 +01:00
platform.py platform: Import subprocess in function. (GH-27610) 2021-08-05 14:04:01 +09:00
plistlib.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
poplib.py
posixpath.py bpo-26329: update os.path.normpath documentation (GH-20138) 2021-07-12 09:48:01 -03:00
pprint.py bpo-41546: make pprint (like print) not write to stdout when it is None (GH-26810) 2021-07-19 10:19:02 +01:00
profile.py
pstats.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
pty.py bpo-26228: [doc] Adapt PTY documentation updates from GH-4167 (GH-27754) 2021-08-13 12:57:07 +02:00
py_compile.py
pyclbr.py
pydoc.py bpo-44967: pydoc: return non-zero exit code when query is not found (GH-27868) 2021-08-26 14:22:02 +02:00
queue.py
quopri.py
random.py bpo-40465: Remove random module features deprecated in 3.9 (GH-25874) 2021-05-04 10:55:40 +02:00
re.py
reprlib.py
rlcompleter.py bpo-44752: refactor part of rlcompleter.Completer.attr_matches (GH-27433) 2021-07-29 16:01:21 +02:00
runpy.py
sched.py
secrets.py
selectors.py
shelve.py
shlex.py
shutil.py bpo-33671 fix orphaned comment in shutil.copyfileobj (GH-27516) 2021-07-31 15:15:45 -04:00
signal.py
site.py
smtpd.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
smtplib.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
sndhdr.py
socket.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
socketserver.py
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
stat.py
statistics.py Update nonstandard variable names (GH-26540) 2021-06-04 16:28:31 -07:00
string.py
stringprep.py
struct.py
subprocess.py bpo-44935: enable posix_spawn() on Solaris (GH-27795) 2021-08-17 11:09:48 -07:00
sunau.py
symtable.py bpo-42355: symtable.get_namespace() now checks whether there are multiple or any namespaces found (GH-23278) 2021-07-18 15:56:09 +03:00
sysconfig.py Fix osx_framework_user include to match distutils (#27093) 2021-07-15 11:44:04 +02:00
tabnanny.py
tarfile.py bpo-8978: improve tarfile.open error message when lzma / bz2 are missing (GH-24850) 2021-04-27 10:39:01 -07:00
telnetlib.py Remove unnecessary pass statements (GH-27103) 2021-07-13 15:02:30 +02:00
tempfile.py bpo-4928: Document NamedTemporaryFile non-deletion after SIGKILL (#26198) 2021-05-19 10:21:03 -04:00
textwrap.py
this.py
threading.py bpo-44422: threading.Thread reuses the _delete() method (GH-26741) 2021-06-16 11:41:17 +02:00
timeit.py
token.py
tokenize.py Add tests for the C tokenizer and expose it as a private module (GH-27924) 2021-08-24 17:50:05 +01:00
trace.py
traceback.py bpo-43950: support some multi-line expressions for PEP 657 (GH-27339) 2021-07-25 15:01:44 -07:00
tracemalloc.py
tty.py
turtle.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
types.py bpo-44732: Rename types.Union to types.UnionType (#27342) 2021-07-26 18:00:21 +02:00
typing.py bpo-44524: Don't modify MRO when inheriting from typing.Annotated (GH-27841) 2021-08-25 21:13:59 +03:00
uu.py
uuid.py
warnings.py
wave.py
weakref.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
webbrowser.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
xdrlib.py
zipapp.py
zipfile.py bpo-44129: Add descriptive global variables for general purpose bit flags (GH-26118) 2021-07-03 17:37:57 +03:00
zipimport.py