git.ipfire.org Git - thirdparty/Python/cpython.git/commit
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 18 Mar 2025 19:35:32 +0000 (20:35 +0100)
committer GitHub <noreply@github.com>
Tue, 18 Mar 2025 19:35:32 +0000 (15:35 -0400)
commit 5dfb5e640ec03ff057dbd9f1e32bf6a493fd2f3d
tree c7384c745d42d3841bcf2296c241e7eb2e0201e1
parent 865bd6de991dae966ec4bf4eb698ab8c19afdb21
[3.12] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (#131404)

gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)

Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.

[Better fix from @bitdancer.]

---------
(cherry picked from commit 295b53df2aa18deb625a7da41f7e4babfe6ef34b)

Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Lib/email/_header_value_parser.py
Lib/test/test_email/test__header_value_parser.py
Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst [new file with mode: 0644]
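
A regression check for the behaviour the commit message describes, as an added example that is not part of the commit or of CPython's test suite: it refolds a `To` header whose display name is an encoded-word containing a comma, then reports whether a receiver parsing the folded text sees the same address list. The sample header values and the function names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed sample values (not taken from the commit or its tests).
PLAIN = "A very long display name without any specials <to@example.com>"
ENCODED_SPECIAL = "=?utf-8?q?A_very_long_name_with=2C_comma?= <to@example.com>"


def addresses(header):
    """Reduce an address header to comparable (display_name, addr_spec) pairs."""
    return [(a.display_name, a.addr_spec) for a in header.addresses]


def refold(value, max_line_length=40):
    """Parse `value` as a To header and return (parsed header, refolded text)."""
    policy = default.clone(max_line_length=max_line_length)
    header = policy.header_factory("To", value)
    return header, header.fold(policy=policy)


def survives_refold(value, max_line_length=40):
    """True if re-parsing the refolded header yields the same address list
    that the parser produced before folding."""
    header, folded = refold(value, max_line_length)
    # Re-parse the way a receiving program would: as a message header block.
    reparsed = message_from_string(folded + "\n", policy=default)["To"]
    return addresses(reparsed) == addresses(header)


if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("encoded+special", ENCODED_SPECIAL)):
        _, folded = refold(value)
        print(f"{label}: survives_refold={survives_refold(value)}")
        print(folded, end="")
```

A `False` result for the encoded-word case means the running interpreter changes the address list during refolding, which is the condition this commit addresses.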