bpo-33529: Fix infinite loop in email header encoding #12020
Conversation
|
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA). Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. You can check yourself to see if the CLA has been received. Thanks again for your contribution, we look forward to reviewing it! |
| ' =?utf-8?q?abuse=2Ephp=3Fmid=3Dxxx-xxx-xxxx' | ||
| 'xxxxxxxxxxxxxxxxxxxx=3D=3D-xxx-?=\n' | ||
| ' =?utf-8?q?xx-xx=3E?=\n') | ||
| 'com/report=5Fabuse?=\n' |
There was a problem hiding this comment.
Expected result was modified because the previous algorithms tended not to use all available space in the initial encoded words.
|
@bitdancer, @warsaw: Would you mind to have a look at this fix for a security issue in the email module? |
Lib/test/test_email/test_policy.py
Outdated
| @@ -237,6 +237,12 @@ def test_adding_default_policies_preserves_default_factory(self): | |||
| email.policy.EmailPolicy.header_factory) | |||
| self.assertEqual(newpolicy.__dict__, {'raise_on_defect': True}) | |||
|
|
|||
| def test_non_ascii_chars_do_not_cause_inf_loop(self): | |||
| policy = email.policy.default + email.policy.strict | |||
| msg = email.message.EmailMessage() | |||
There was a problem hiding this comment.
I think this doesn't need to be an EmailMessage, you can trigger this with just:
policy = email.policy.default
policy.fold('Subject', 'ą' * 100)There was a problem hiding this comment.
Thanks for the suggestion. Indeed, it's engough to just define the policy.
Lib/test/test_email/test_policy.py
Outdated
| policy = email.policy.default + email.policy.strict | ||
| msg = email.message.EmailMessage() | ||
| msg['Subject'] = 'ą'*100 | ||
| policy.fold('Subject', msg['Subject']) |
There was a problem hiding this comment.
While you are writing the test, you may want to make an assertion about the output of this.
Perhaps it will be easier to write an assertion if you set the max_line_length to be shorter, so something like:
policy = email.policy.default.clone(max_line_length=20)
actual = policy.fold("Subject", "ą" * 21)
self.assertEqual(actual,
'Subject: \n ' +
'=?utf-8?q?ąąąąąąą?=\n ' +
'=?utf-8?q?ąąąąąąą?=\n ' +
'=?utf-8?q?ąąąąąąą?=\n')There was a problem hiding this comment.
I tested the equality following your suggestion.
| @@ -0,0 +1,2 @@ | |||
| Prevent fold function used in email header encoding from entering infinite | |||
| loop when there are enough non-ASCII characters in a header. | |||
There was a problem hiding this comment.
| loop when there are enough non-ASCII characters in a header. | |
| loop when there are too many non-ASCII characters in a header. |
|
Great! |
|
Thanks @wojcikk2903 for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7. |
|
GH-13321 is a backport of this pull request to the 3.7 branch. |
|
I merged your PR, thanks @wojcikk2903. Thanks @msapiro and @pganssle for your reviews. |
Prevents the fold function from entering infinite loop when there are enough non-ASCII characters in the word to encode.
The issue was caused by strings being treated as in Python 2. This PR is related to the previous attempt in #7763 by @corona10 .
https://bugs.python.org/issue33529