@@ -294,6 +294,16 @@ def testEXPNNotImplemented(self):
294
294
self .assertEqual (smtp .getreply (), expected )
295
295
smtp .quit ()
296
296
297
+ def test_issue43124_putcmd_escapes_newline (self ):
298
+ # see: https://bugs.python.org/issue43124
299
+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' ,
300
+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
301
+ self .addCleanup (smtp .close )
302
+ with self .assertRaises (ValueError ) as exc :
303
+ smtp .putcmd ('helo\n X-INJECTED' )
304
+ self .assertIn ("prohibited newline characters" , str (exc .exception ))
305
+ smtp .quit ()
306
+
297
307
def testVRFY (self ):
298
308
smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
299
309
self .addCleanup (smtp .close )
@@ -369,6 +379,51 @@ def testSendNeedingDotQuote(self):
369
379
mexpect = '%s%s\n %s' % (MSG_BEGIN , m , MSG_END )
370
380
self .assertEqual (self .output .getvalue (), mexpect )
371
381
382
+ def test_issue43124_escape_localhostname (self ):
383
+ # see: https://bugs.python.org/issue43124
384
+ # connect and send mail
385
+ m = 'wazzuuup\n linetwo'
386
+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'hi\n X-INJECTED' ,
387
+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
388
+ self .addCleanup (smtp .close )
389
+ with self .assertRaises (ValueError ) as exc :
390
+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
391
+ self .assertIn (
392
+ "prohibited newline characters: ehlo hi\\ nX-INJECTED" ,
393
+ str (exc .exception ),
394
+ )
395
+ # XXX (see comment in testSend)
396
+ time .sleep (0.01 )
397
+ smtp .quit ()
398
+
399
+ debugout = smtpd .DEBUGSTREAM .getvalue ()
400
+ self .assertNotIn ("X-INJECTED" , debugout )
401
+
402
+ def test_issue43124_escape_options (self ):
403
+ # see: https://bugs.python.org/issue43124
404
+ # connect and send mail
405
+ m = 'wazzuuup\n linetwo'
406
+ smtp = smtplib .SMTP (
407
+ HOST , self .port , local_hostname = 'localhost' ,
408
+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
409
+
410
+ self .addCleanup (smtp .close )
411
+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
412
+ with self .assertRaises (ValueError ) as exc :
413
+ smtp .mail ("hi@me.com" , ["X-OPTION\n X-INJECTED-1" , "X-OPTION2\n X-INJECTED-2" ])
414
+ msg = str (exc .exception )
415
+ self .assertIn ("prohibited newline characters" , msg )
416
+ self .assertIn ("X-OPTION\\ nX-INJECTED-1 X-OPTION2\\ nX-INJECTED-2" , msg )
417
+ # XXX (see comment in testSend)
418
+ time .sleep (0.01 )
419
+ smtp .quit ()
420
+
421
+ debugout = smtpd .DEBUGSTREAM .getvalue ()
422
+ self .assertNotIn ("X-OPTION" , debugout )
423
+ self .assertNotIn ("X-OPTION2" , debugout )
424
+ self .assertNotIn ("X-INJECTED-1" , debugout )
425
+ self .assertNotIn ("X-INJECTED-2" , debugout )
426
+
372
427
def testSendNullSender (self ):
373
428
m = 'A test message'
374
429
smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
0 commit comments