[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted em… · stackless-dev/stackless@c28e4a5
This repository was archived by the owner on Feb 13, 2025. It is now read-only.

Commit c28e4a5

maxking and epicfaace authored and committed
[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (pythonGH-14794) (python#15446)
* [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (pythonGH-14794)

Some crafted email header would cause the get_parameter method to run in an infinite loop causing a DoS attack surface when parsing those headers. This patch fixes that by making sure the DQUOTE character is handled to prevent going into an infinite loop.

(cherry picked from commit a4a994b)

Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
Co-Authored-By: Ashwin Ramaswami <aramaswamis@gmail.com>
1 parent 095373c commit c28e4a5

3 files changed: +12 -0 lines changed

Lib/email/_header_value_parser.py

Lines changed: 3 additions & 0 deletions
@@ -2771,6 +2771,9 @@ def get_parameter(value):
27712771
while value:
27722772
if value[0] in WSP:
27732773
token, value = get_fws(value)
2774+
elif value[0] == '"':
2775+
token = ValueTerminal('"', 'DQUOTE')
2776+
value = value[1:]
27742777
else:
27752778
token, value = get_qcontent(value)
27762779
v.append(token)
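Review bot: the new elif value[0] == '"' branch has no comment saying why a bare DQUOTE needs its own case, and nothing in these lines records a defect for it. Per the commit message this character is what kept the while value: loop from terminating, so a one-line comment to that effect would stop a later cleanup from removing the branch. It is also worth confirming that the stray quote is reported as a defect somewhere, since the branch itself only wraps it in ValueTerminal('"', 'DQUOTE') and moves on. More generally, the loop terminates only if every branch shortens value; a progress check after the else path would turn any future non-consuming input into an error instead of a hang.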

Lib/test/test_email/test__header_value_parser.py

Lines changed: 7 additions & 0 deletions
@@ -2573,6 +2573,13 @@ def mime_parameters_as_value(self,
25732573
# Defects are apparent missing *0*, and two 'out of sequence'.
25742574
[errors.InvalidHeaderDefect]*3),
25752575

2576+
# bpo-37461: Check that we don't go into an infinite loop.
2577+
'extra_dquote': (
2578+
'r*="\'a\'\\"',
2579+
' r="\\""',
2580+
'r*=\'a\'"',
2581+
[('r', '"')],
2582+
[errors.InvalidHeaderDefect]*2),
25762583
}
25772584

25782585
@parameterize
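Review bot: the 'extra_dquote' case exercises a single input shape, and if the loop ever regresses this test will hang the run rather than fail. Consider adding a second case with the stray DQUOTE in a different position in the parameter value, and a short comment saying what the two expected defects in [errors.InvalidHeaderDefect]*2 are, so the expectation documents the parser's behaviour instead of only a count.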
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
Fix an infinite loop when parsing specially crafted email headers. Patch by
2+
Abhilash Raj.
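Review bot: the entry names neither the affected code nor the impact. The commit message identifies get_parameter in the email header parser and describes a DoS when parsing crafted headers; stating that here (for example, that the loop is in the email package's header parameter parsing) lets someone reading the changelog judge whether they parse untrusted mail and need the fix.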
