@@ -294,6 +294,16 @@ def testEXPNNotImplemented(self):
294294 self .assertEqual (smtp .getreply (), expected )
295295 smtp .quit ()
296296
297+ def test_issue43124_putcmd_escapes_newline (self ):
298+ # see: https://bugs.python.org/issue43124
299+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' ,
300+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
301+ self .addCleanup (smtp .close )
302+ with self .assertRaises (ValueError ) as exc :
303+ smtp .putcmd ('helo\n X-INJECTED' )
304+ self .assertIn ("prohibited newline characters" , str (exc .exception ))
305+ smtp .quit ()
306+
297307 def testVRFY (self ):
298308 smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
299309 self .addCleanup (smtp .close )
@@ -369,6 +379,51 @@ def testSendNeedingDotQuote(self):
369379 mexpect = '%s%s\n %s' % (MSG_BEGIN , m , MSG_END )
370380 self .assertEqual (self .output .getvalue (), mexpect )
371381
382+ def test_issue43124_escape_localhostname (self ):
383+ # see: https://bugs.python.org/issue43124
384+ # connect and send mail
385+ m = 'wazzuuup\n linetwo'
386+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'hi\n X-INJECTED' ,
387+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
388+ self .addCleanup (smtp .close )
389+ with self .assertRaises (ValueError ) as exc :
390+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
391+ self .assertIn (
392+ "prohibited newline characters: ehlo hi\\ nX-INJECTED" ,
393+ str (exc .exception ),
394+ )
395+ # XXX (see comment in testSend)
396+ time .sleep (0.01 )
397+ smtp .quit ()
398+
399+ debugout = smtpd .DEBUGSTREAM .getvalue ()
400+ self .assertNotIn ("X-INJECTED" , debugout )
401+
402+ def test_issue43124_escape_options (self ):
403+ # see: https://bugs.python.org/issue43124
404+ # connect and send mail
405+ m = 'wazzuuup\n linetwo'
406+ smtp = smtplib .SMTP (
407+ HOST , self .port , local_hostname = 'localhost' ,
408+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
409+
410+ self .addCleanup (smtp .close )
411+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
412+ with self .assertRaises (ValueError ) as exc :
413+ smtp .mail ("hi@me.com" , ["X-OPTION\n X-INJECTED-1" , "X-OPTION2\n X-INJECTED-2" ])
414+ msg = str (exc .exception )
415+ self .assertIn ("prohibited newline characters" , msg )
416+ self .assertIn ("X-OPTION\\ nX-INJECTED-1 X-OPTION2\\ nX-INJECTED-2" , msg )
417+ # XXX (see comment in testSend)
418+ time .sleep (0.01 )
419+ smtp .quit ()
420+
421+ debugout = smtpd .DEBUGSTREAM .getvalue ()
422+ self .assertNotIn ("X-OPTION" , debugout )
423+ self .assertNotIn ("X-OPTION2" , debugout )
424+ self .assertNotIn ("X-INJECTED-1" , debugout )
425+ self .assertNotIn ("X-INJECTED-2" , debugout )
426+
372427 def testSendNullSender (self ):
373428 m = 'A test message'
374429 smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
0 commit comments