bpo-37764: Fix infinite loop when parsing unstructured email headers. #15239
Thanks for this PR.
I've made inline comments. Please also see my comments on BPO.
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase
I have made the requested changes; please review again
Thanks for making the requested changes! @maxking: please review the changes made to this pull request.
Lib/email/_header_value_parser.py
Outdated
@@ -1039,7 +1039,7 @@ def get_encoded_word(value): | |||
raise errors.HeaderParseError( | |||
"expected encoded word but found {}".format(value)) | |||
remstr = ''.join(remainder) | |||
if len(remstr) > 1 and remstr[0] in hexdigits and remstr[1] in hexdigits: | |||
if len(remstr) > 1 and remstr[0] in hexdigits and remstr[1] in hexdigits and tok.count('?') < 2: |
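Review bot: the new tok.count('?') < 2 clause at the end of the condition carries no comment explaining why the number of '?' characters in tok decides whether the hex-digit check on remstr applies, so the next reader cannot tell which malformed inputs it is meant to exclude. Suggest wrapping the condition in parentheses with one clause per line, adding a short comment on the new clause, and pairing it with a regression test that feeds the parser a header of the kind that previously did not terminate.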
Probably needs to be split on multiple lines for pep8.
Done.
Is there a way to check for this automatically? What's the standard I should usually apply? (for example, this file doesn't have two blank lines between each class, which also violates pep8)
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase And if you don't make the requested changes, you will be poked with soft cushions!
I applied this patch to a local install of Python 3.7, and the problem seemed to persist with my test case. The attached file has the email I parsed, with some content redacted for privacy. It appears to be very mangled, but even so the library should probably not fall into an infinite loop if it receives mangled data. Hopefully you can reproduce the error, otherwise it might just be an artefact of my patching method.
I did add a test in this PR with that mangled message, but it doesn't seem to hang. Either it's an artefact with your patching method, or a different issue with 3.7.
I have made the requested changes; please review again.
LGTM, thanks @epicfaace !
Thanks @epicfaace for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8.
Sorry, @epicfaace, I could not cleanly backport this to
Sorry @epicfaace, I had trouble checking out the
…aders. (pythonGH-15239)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
(cherry picked from commit c5b242f)
Co-authored-by: Ashwin Ramaswami <[email protected]>
GH-15654 is a backport of this pull request to the 3.7 branch.
…aders. (GH-15239) (GH-15654)
…aders. (GH-15239)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
(cherry picked from commit c5b242f)
Co-authored-by: Ashwin Ramaswami <[email protected]>
https://bugs.python.org/issue37764
GH-15686 is a backport of this pull request to the 3.8 branch.
…aders. (GH-15239) (GH-15686)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
(cherry picked from commit c5b242f)
Co-authored-by: Ashwin Ramaswami <[email protected]>
…pythonGH-15239)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
Automerge-Triggered-By: @maxking
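A containment harness for the failure mode this pull request fixes, added here as an example and not part of the PR or of CPython: it runs get_unstructured in a child interpreter under a time budget, so a parser that never returns is killed instead of blocking the mail-handling process, and it doubles as a check that a given interpreter carries the fix. The names parse_unstructured_guarded, check_interpreter and SAMPLES are hypothetical, and the sample header values are constructed from the two shapes the commit message names.

```python
import subprocess
import sys

# Child program: read one header value from stdin, parse it with the stdlib
# function named in the commit message, and print the resulting text.
_CHILD = (
    "import sys\n"
    "from email._header_value_parser import get_unstructured\n"
    "sys.stdout.write(str(get_unstructured(sys.stdin.read())))\n"
)

# Constructed sample values (not taken from the PR or its attachment): one
# well-formed encoded word, plus the two shapes the commit message names.
SAMPLES = {
    "well_formed": "=?utf-8?q?hello?= world",
    "no_trailing_whitespace": "=?utf-8?q?hello?=world",
    "invalid_encoded_word": "=?utf-8?q?=hello?=",
}


def parse_unstructured_guarded(value, timeout=5.0, child_code=_CHILD):
    """Parse an untrusted header value in a child interpreter.

    Returns ("ok", text), ("error", last_stderr_line) or ("timeout", None).
    A parser that never returns costs one killed child, not a stuck worker.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code],
            input=value, capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed and reaped the child here.
        return ("timeout", None)
    if proc.returncode != 0:
        return ("error", (proc.stderr.strip().splitlines() or [""])[-1])
    return ("ok", proc.stdout)


def check_interpreter(timeout=5.0):
    """Map each sample name to the status this interpreter produced."""
    return {name: parse_unstructured_guarded(value, timeout)[0]
            for name, value in SAMPLES.items()}


if __name__ == "__main__":
    for name, status in check_interpreter().items():
        print(f"{name}: {status}")
```

A "timeout" status for any sample means the interpreter's header parser did not terminate within the budget on that input.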