bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)
author Abhilash Raj <maxking@users.noreply.github.com>
Wed, 17 Jul 2019 16:44:27 +0000 (09:44 -0700)
committer Barry Warsaw <barry@python.org>
Wed, 17 Jul 2019 16:44:27 +0000 (09:44 -0700)
commit a4a994bd3e619cbaff97610a1cee8ffa87c672f5
tree 6aee3d24c4a984481adf2921c31108635b0857ce
parent 82494aa6d947c4a320c09c58fe0f100cdcf7af0b

* bpo-37461: Fix infinite loop in parsing of specially crafted email headers.

Some crafted email headers would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
Lib/email/_header_value_parser.py
Lib/test/test_email/test__header_value_parser.py
Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst [new file with mode: 0644]