mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-29 06:05:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
cpython/Lib/email
History
Miss Islington (bot) 9a79242567
bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.

The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.

In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.

Here's a minimal example:

    $ python
    Python 3.9.6 (default, Jun 30 2021, 10:22:16)
    [GCC 11.1.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import email.utils
    >>> email.utils.parsedate('foo')
    >>> email.utils.parsedate(' ')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
        t = parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
        res = _parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
        if data[0].endswith(',') or data[0].lower() in _daynames:
    IndexError: list index out of range

The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit 989f6a3800)

Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
2021-08-26 08:47:27 -07:00
..
mime
__init__.py
_encoded_words.py
_header_value_parser.py bpo-39040: Fix parsing of email mime headers with whitespace between encoded-words. (gh-17620) 2020-05-28 20:04:59 -04:00
_parseaddr.py bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 2021-08-26 08:47:27 -07:00
_policybase.py
architecture.rst
base64mime.py bpo-43125: Fix: return expected type (str), not original value (bytes) in email/base64mime.py::body_encode (GH-24476) 2021-03-30 17:37:37 +09:00
charset.py
contentmanager.py bpo-41402: Fix email ContentManager calling .encode() on bytes (GH-21631) 2021-08-09 16:44:17 -07:00
encoders.py
errors.py bpo-30681: Support invalid date format or value in email Date header (GH-22090) 2020-10-26 17:31:06 -07:00
feedparser.py
generator.py bpo-27321 Fix email.generator.py to not replace a non-existent header. (GH-18074) 2020-10-19 15:49:19 -07:00
header.py
headerregistry.py Remove comment about a private email.headerregistry (GH-24233) 2021-02-24 17:21:32 -04:00
iterators.py
message.py bpo-42892: fix email multipart attribute error (GH-26903) (GH-27492) 2021-07-30 19:27:06 +02:00
parser.py
policy.py
quoprimime.py
utils.py bpo-27513: email.utils.getaddresses() now handles Header objects (GH-13797) (GH-27242) 2021-07-19 18:54:45 +02:00