]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d63669) | patch
[2.7] bpo-34155: Dont parse domains containing @ (GH-13079) (GH-16006)
authorRoberto C. Sánchez <roberto@connexer.com>
Sat, 14 Sep 2019 17:26:38 +0000 (13:26 -0400)
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sat, 14 Sep 2019 17:26:38 +0000 (10:26 -0700)
commit4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e
treec456cb25511355df0886112af658bcfdc50e4ea1tree | snapshot
parent0d63669e52dd7e95708ec14e9e3e07d7dc9cd913commit | diff
[2.7] bpo-34155: Dont parse domains containing @ (GH-13079) (GH-16006)

This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address.

(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)

Excludes changes to Lib/email/_header_value_parser.py, which did not
exist in 2.7.

Co-authored-by: jpic <jpic@users.noreply.github.com>
https://bugs.python.org/issue34155
Lib/email/_parseaddr.py diff | blob | blame | history
Lib/email/test/test_email.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git