]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab6333f) | patch
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)
authorMike Edmunds <medmunds@gmail.com>
Tue, 18 Mar 2025 11:07:17 +0000 (04:07 -0700)
committerGitHub <noreply@github.com>
Tue, 18 Mar 2025 11:07:17 +0000 (12:07 +0100)
commit295b53df2aa18deb625a7da41f7e4babfe6ef34b
tree4937e75b5446e11cdc0b8a677c98bc9f216f4da8tree | snapshot
parentab6333f7f56554bfd6c01eff567ddfb163a3dae6commit | diff
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)

Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.

[Better fix from @bitdancer.]

---------

Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Lib/email/_header_value_parser.py diff | blob | blame | history
Lib/test/test_email/test__header_value_parser.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git