git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Seth Michael Larson <seth@python.org>
	Mon, 19 Jan 2026 12:38:22 +0000 (06:38 -0600)
committer	GitHub <noreply@github.com>
	Mon, 19 Jan 2026 12:38:22 +0000 (12:38 +0000)
commit	17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
tree	1e0918f87bc9b3528b9aeefc705c209017f90fe3	tree \| snapshot
parent	bb2b9ba49d8a60629f0905bc27191fc84db39879	commit \| diff

gh-143935: Email preserve parens when folding comments (#143936)

Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.

Co-authored-by: Denis Ledoux <dle@odoo.com>

Lib/email/_header_value_parser.py		diff \| blob \| blame \| history
Lib/test/test_email/test__header_value_parser.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2026-01-16-14-40-31.gh-issue-143935.U2YtKl.rst	[new file with mode: 0644]	blob