@@ -282,6 +282,16 @@ def testEXPNNotImplemented(self):
282282 self .assertEqual (smtp .getreply (), expected )
283283 smtp .quit ()
284284
285+ def test_issue43124_putcmd_escapes_newline (self ):
286+ # see: https://bugs.python.org/issue43124
287+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' ,
288+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
289+ self .addCleanup (smtp .close )
290+ with self .assertRaises (ValueError ) as exc :
291+ smtp .putcmd ('helo\n X-INJECTED' )
292+ self .assertIn ("prohibited newline characters" , str (exc .exception ))
293+ smtp .quit ()
294+
285295 def testVRFY (self ):
286296 smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
287297 expected = (252 , b'Cannot VRFY user, but will accept message ' + \
@@ -351,6 +361,51 @@ def testSendNeedingDotQuote(self):
351361 mexpect = '%s%s\n %s' % (MSG_BEGIN , m , MSG_END )
352362 self .assertEqual (self .output .getvalue (), mexpect )
353363
364+ def test_issue43124_escape_localhostname (self ):
365+ # see: https://bugs.python.org/issue43124
366+ # connect and send mail
367+ m = 'wazzuuup\n linetwo'
368+ smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'hi\n X-INJECTED' ,
369+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
370+ self .addCleanup (smtp .close )
371+ with self .assertRaises (ValueError ) as exc :
372+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
373+ self .assertIn (
374+ "prohibited newline characters: ehlo hi\\ nX-INJECTED" ,
375+ str (exc .exception ),
376+ )
377+ # XXX (see comment in testSend)
378+ time .sleep (0.01 )
379+ smtp .quit ()
380+
381+ debugout = smtpd .DEBUGSTREAM .getvalue ()
382+ self .assertNotIn ("X-INJECTED" , debugout )
383+
384+ def test_issue43124_escape_options (self ):
385+ # see: https://bugs.python.org/issue43124
386+ # connect and send mail
387+ m = 'wazzuuup\n linetwo'
388+ smtp = smtplib .SMTP (
389+ HOST , self .port , local_hostname = 'localhost' ,
390+ timeout = 10 ) # support.LOOPBACK_TIMEOUT in newer Pythons
391+
392+ self .addCleanup (smtp .close )
393+ smtp .sendmail ("hi@me.com" , "you@me.com" , m )
394+ with self .assertRaises (ValueError ) as exc :
395+ smtp .mail ("hi@me.com" , ["X-OPTION\n X-INJECTED-1" , "X-OPTION2\n X-INJECTED-2" ])
396+ msg = str (exc .exception )
397+ self .assertIn ("prohibited newline characters" , msg )
398+ self .assertIn ("X-OPTION\\ nX-INJECTED-1 X-OPTION2\\ nX-INJECTED-2" , msg )
399+ # XXX (see comment in testSend)
400+ time .sleep (0.01 )
401+ smtp .quit ()
402+
403+ debugout = smtpd .DEBUGSTREAM .getvalue ()
404+ self .assertNotIn ("X-OPTION" , debugout )
405+ self .assertNotIn ("X-OPTION2" , debugout )
406+ self .assertNotIn ("X-INJECTED-1" , debugout )
407+ self .assertNotIn ("X-INJECTED-2" , debugout )
408+
354409 def testSendNullSender (self ):
355410 m = 'A test message'
356411 smtp = smtplib .SMTP (HOST , self .port , local_hostname = 'localhost' , timeout = 3 )
0 commit comments