git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Edgar Ramírez Mondragón <edgarrm358@gmail.com>
	Mon, 2 Mar 2026 23:58:52 +0000 (17:58 -0600)
committer	GitHub <noreply@github.com>
	Mon, 2 Mar 2026 23:58:52 +0000 (23:58 +0000)
commit	003b8315669b9f08b1010a49071f73f15f818094
tree	a37fe3656e06e28a79f31471a67ef650cb0e765c	tree \| snapshot
parent	384afddc8502fd94527dd274604ad3939d56bb3c	commit \| diff

[3.10] gh-143935: Email preserve parens when folding comments (GH-143936) (#144350)

Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.
(cherry picked from commit 17d1490)

Co-authored-by: Seth Michael Larson seth@python.org
Co-authored-by: Denis Ledoux dle@odoo.com
- Issue: Fix folding of long comments of unfoldable characters in email headers #143935

Signed-off-by: Edgar Ramírez Mondragón <edgarrm358@gmail.com>
Co-authored-by: Seth Michael Larson <seth@python.org>

Lib/email/_header_value_parser.py		diff \| blob \| blame \| history
Lib/test/test_email/test__header_value_parser.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2026-01-16-14-40-31.gh-issue-143935.U2YtKl.rst	[new file with mode: 0644]	blob