]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79a47e2) | patch
bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Thu, 1 Aug 2019 16:36:46 +0000 (09:36 -0700)
committerNed Deily <nad@python.org>
Thu, 1 Aug 2019 16:36:46 +0000 (12:36 -0400)
commit1789bbdd3e03023951a39933ef12dee0a03be616
treedab34e0f32e37d6cda7e2eb6a54f866fccb20f71tree | snapshot
parent79a47e2b9cff6c9facdbc022a752177ab89dc533commit | diff
bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794) (GH-14817)

Some crafted email header would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
(cherry picked from commit a4a994bd3e619cbaff97610a1cee8ffa87c672f5)

Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
Lib/email/_header_value_parser.py diff | blob | blame | history
Lib/test/test_email/test__header_value_parser.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git