Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
cpython/Lib
History
wouter bolsterlee 989f6a3800
bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.

The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.

In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.

Here's a minimal example:

    $ python
    Python 3.9.6 (default, Jun 30 2021, 10:22:16)
    [GCC 11.1.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import email.utils
    >>> email.utils.parsedate('foo')
    >>> email.utils.parsedate(' ')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
        t = parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
        res = _parsedate_tz(data)
      File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
        if data[0].endswith(',') or data[0].lower() in _daynames:
    IndexError: list index out of range

The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
 		2021-08-26 16:49:03 +02:00
..
asyncio Trivial typo in docstring 2021-07-31 06:36:10 +02:00
collections bpo-27275: Change popitem() and pop() methods of collections.OrderedDict (GH-27530) 2021-08-03 13:00:55 +02:00
concurrent Use `from` imports (GH-26594) 2021-06-08 06:47:15 -03:00
ctypes Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
curses
dbm
distutils bpo-44781: make distutils test suppress deprecation warning from import distutils (GH-27485) 2021-08-02 11:34:55 +02:00
email bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 2021-08-26 16:49:03 +02:00
encodings bpo-39337: encodings.normalize_encoding() now ignores non-ASCII characters (GH-22219) 2020-10-14 17:43:31 +02:00
ensurepip Upgrade bundled pip and setuptools (#27625) 2021-08-06 20:22:48 +02:00
html bpo-41748: Handles unquoted attributes with commas (#24072) 2021-02-01 21:32:50 +01:00
http Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
idlelib Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
importlib bpo-43392: Optimize repeated calls to `__import__()` (GH-24735) 2021-08-12 11:23:29 -07:00
json bpo-39828: Fix json.tool to catch BrokenPipeError (GH-18779) 2020-03-10 08:41:44 +01:00
lib2to3 make lib2to3 parse async generators everywhere (GH-6588) 2021-08-10 11:31:32 +02:00
logging bpo-44291: Fix reconnection in logging.handlers.SysLogHandler (GH-26490) 2021-08-05 14:58:16 +01:00
msilib
multiprocessing bpo-38840: Incorrect __all__ in multiprocessing.managers (GH-18034) 2021-08-09 18:44:55 +02:00
pydoc_data Python 3.10.0a7 2021-04-05 17:39:49 +01:00
site-packages
sqlite3 bpo-27334: roll back transaction if sqlite3 context manager fails to commit (GH-26202) 2021-08-25 11:59:42 +01:00
test bpo-45001: Make email date parsing more robust against malformed input (GH-27946) 2021-08-26 16:49:03 +02:00
tkinter bpo-44404: tkinter `after` support callable classes (GH-26812) 2021-06-23 13:30:24 +03:00
turtledemo bpo-44254: On Mac, remove disfunctional colors from turtledemo buttons (GH-26448) 2021-05-29 03:19:50 -04:00
unittest bpo-41322: Add unit tests for deprecation of test return values (GH-27846) 2021-08-22 21:32:45 +03:00
urllib Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
venv bpo-43749: Ensure current exe is copied when using venv on windows (GH-25216) 2021-05-19 02:37:17 -07:00
wsgiref
xml Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
xmlrpc Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
zoneinfo fix typo in warning (#20620) 2021-04-25 10:45:05 -07:00
__future__.py Set the release for `__future__.annotations` to 3.11 (#25596) 2021-04-25 17:09:24 +01:00
__phello__.foo.py
_aix_support.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
_bootsubprocess.py bpo-40094: Add os.waitstatus_to_exitcode() (GH-19201) 2020-04-01 18:49:29 +02:00
_collections_abc.py bpo-44801: Check arguments in substitution of ParamSpec in Callable (GH-27585) 2021-08-04 20:07:01 +02:00
_compat_pickle.py
_compression.py bpo-41486: Faster bz2/lzma/zlib via new output buffering (GH-21740) 2021-04-27 23:58:54 -07:00
_markupbase.py bpo-31844: Remove _markupbase.ParserBase.error() (GH-8562) 2020-07-16 09:13:05 +03:00
_osx_support.py bpo-43425: Update _osx_support not to use distutils.log (GH-26968) 2021-07-01 09:35:10 +09:00
_py_abc.py
_pydecimal.py Remove unnecessary test for `xc == 1` in _pydecimal (GH-27102) 2021-07-15 12:48:46 +02:00
_pyio.py bpo-43680: Deprecate io.OpenWrapper (GH-25357) 2021-04-14 03:24:33 +02:00
_sitebuiltins.py bpo-43651: PEP 597: Fix EncodingWarning in some tests (GH-25189) 2021-04-06 11:18:41 +09:00
_strptime.py bpo-43295: Fix error handling of datetime.strptime format string '%z' (GH-24627) 2021-03-03 08:58:57 -08:00
_threading_local.py
_weakrefset.py bpo-39481: Make weakref and WeakSet generic (GH-19497) 2020-04-13 21:54:40 -07:00
abc.py Clarify the order of a stacked `abstractmethod` (GH-26892) 2021-06-27 21:02:23 +03:00
aifc.py bpo-30077: Add support for Apple aifc/sowt pseudo-compression (GH-24449) 2021-08-13 13:31:25 +02:00
antigravity.py bpo-9216: Nobody expects the geohashing FIPS inquisition (GH-19520) 2020-04-14 12:49:11 -07:00
argparse.py bpo-38956: don't print BooleanOptionalAction's default twice (GH-27672) 2021-08-16 23:42:21 +02:00
ast.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
asynchat.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
asyncore.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
base64.py bpo-44690: Adopt binacii.a2b_base64's strict mode in base64.b64decode (GH-27272) 2021-08-23 16:44:28 -07:00
bdb.py fix docstring typo in bdb.py (GH-22323) 2021-05-17 00:20:33 +01:00
binhex.py bpo-29566: binhex.binhex now consitently writes MacOS 9 line endings. (GH-23059) 2020-11-01 01:08:48 -08:00
bisect.py bpo-4356: Add key function support to the bisect module (GH-20556) 2020-10-19 22:04:01 -07:00
bz2.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
cProfile.py bpo-42005: profile and cProfile catch BrokenPipeError (GH-22643) 2021-01-20 09:56:21 +01:00
calendar.py bpo-35078: Allow customization of CSS class name of a month in calendar module (gh-10137) 2020-06-02 13:33:09 +02:00
cgi.py bpo-41139: Deprecate `cgi.log()` (GH-25625) 2021-04-29 11:36:04 +09:00
cgitb.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
chunk.py
cmd.py
code.py
codecs.py bpo-14014: Clarify StreamWriter.reset() documentation (GH-13716) 2021-01-06 04:14:42 +02:00
codeop.py bpo-43202: More codeop._maybe_compile clean-ups (GH-24512) 2021-02-13 01:49:18 -05:00
colorsys.py Improve consistency of colorsys.rgb_to_hsv (GH-27277) 2021-07-23 09:59:30 -03:00
compileall.py bpo-34990: Treat the pyc header's mtime in compileall as an unsigned int (GH-19708) 2021-08-24 12:13:32 +03:00
configparser.py bpo-38741: Definition of multiple ']' in header configparser (GH-17129) 2021-07-13 15:54:06 +02:00
contextlib.py bpo-44566: resolve differences between asynccontextmanager and contextmanager (#27024) 2021-07-20 20:15:07 +02:00
contextvars.py
copy.py bpo-40792: Make the result of PyNumber_Index() always having exact type int. (GH-20443) 2020-05-28 10:33:45 +03:00
copyreg.py bpo-44676: Serialize the union type using only public API (GH-27323) 2021-07-24 21:26:02 +03:00
crypt.py
csv.py bpo-43625: Enhance csv sniffer has_headers() to be more accurate (GH-26939) 2021-07-30 19:10:37 +02:00
dataclasses.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
datetime.py Fix typo (GH-23019) 2021-02-03 13:25:28 -08:00
decimal.py
difflib.py bpo-40394 - difflib.SequenceMatched.find_longest_match default args (GH-19742) 2020-04-29 22:42:45 -05:00
dis.py bpo-43950: include position in dis.Instruction (GH-27015) 2021-07-04 12:05:05 -07:00
doctest.py bpo-35753: Fix crash in doctest with unwrap-able functions (#22981) 2021-05-05 19:33:17 +02:00
enum.py bpo-44929: [Enum] Fix global repr (GH-27789) 2021-08-25 07:24:32 -07:00
filecmp.py bpo-42958: Improve description of shallow= in filecmp.cmp docs (GH-27166) 2021-08-04 21:39:45 +02:00
fileinput.py bpo-43651: Fix EncodingWarning in fileinput and its test (GH-25648) 2021-04-27 15:47:16 +09:00
fnmatch.py bpo-42799: fnmatch module: bump up size of lru_cache for patterns (GH-27084) 2021-07-15 12:53:26 +02:00
fractions.py bpo-44258: support PEP 515 for Fraction's initialization from string (GH-26422) 2021-06-07 08:06:33 +01:00
ftplib.py bpo-43285 Make ftplib not trust the PASV response. (GH-24838) 2021-03-15 11:39:31 -07:00
functools.py bpo-44605: Teach @total_ordering() to work with metaclasses (GH-27633) 2021-08-06 14:33:30 -05:00
genericpath.py
getopt.py
getpass.py update docstring for `win_getpass` to reflect code changes (GH-24967) 2021-05-03 23:48:29 -07:00
gettext.py bpo-44235: Remove deprecated functions in the gettext module. (GH-26378) 2021-05-30 10:29:45 +09:00
glob.py bpo-44482: Fix very unlikely resource leak in glob in non-CPython implementations (GH-26843) 2021-06-23 12:53:37 +03:00
graphlib.py [doc] Fix typo in the graphlib docs (GH-22661) 2020-10-12 07:33:34 -07:00
gzip.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
hashlib.py bpo-43880: Show DeprecationWarnings for deprecated ssl module features (GH-25455) 2021-04-19 07:27:10 +02:00
heapq.py Revert "Fix all Python Cookbook links (#22205)" (GH-22424) 2020-09-27 01:47:25 +01:00
hmac.py bpo-40645: use C implementation of HMAC (GH-24920) 2021-03-27 06:55:03 -07:00
imaplib.py bpo-44045: fix spelling of uppercase vs upper-case (GH-25985) 2021-05-28 17:54:25 -03:00
imghdr.py bpo-44539: Support recognizing JPEG files without JFIF or Exif markers (GH-26964) 2021-07-20 20:56:57 +02:00
imp.py bpo-43720: Update import-related stdlib deprecation messages to say they will be removed in Python 3.12 (GH-25167) 2021-04-03 15:31:15 -07:00
inspect.py bpo-44648: Fix error type in inspect.getsource() in interactive session (GH-27171) 2021-07-30 19:17:46 +02:00
io.py bpo-43680: Deprecate io.OpenWrapper (GH-25357) 2021-04-14 03:24:33 +02:00
ipaddress.py bpo-33433 Fix private address checking for IPv4 mapped IPv6. (GH-26172) 2021-05-17 00:52:36 -07:00
keyword.py bpo-42128: Structural Pattern Matching (PEP 634) (GH-22917) 2021-02-26 14:51:55 -08:00
linecache.py bpo-42133: update parts of the stdlib to fall back to `__spec__.loader` when `__loader__` is missing (#22929) 2020-11-06 18:45:56 -08:00
locale.py bpo-34311: Add locale.localize (GH-15275) 2021-04-12 14:17:40 +02:00
lzma.py bpo-44439: BZ2File.write() / LZMAFile.write() handle buffer protocol correctly (GH-26764) 2021-06-22 10:04:23 +03:00
mailbox.py bpo-39481: PEP 585 for dataclasses, mailbox, contextvars (GH-19425) 2020-04-14 16:14:15 -07:00
mailcap.py bpo-40094: mailcap.test() uses waitstatus_to_exitcode() (GH-19287) 2020-04-02 02:00:06 +02:00
mimetypes.py bpo-44582: Accelerate mimetypes.init on Windows with a native accelerator (GH-27059) 2021-07-08 16:48:42 +01:00
modulefinder.py bpo-40443: Remove unused imports in the stdlib (GH-19803) 2020-04-30 11:26:33 +02:00
netrc.py bpo-43733: netrc try to use UTF-8 before using locale encoding. (GH-25781) 2021-05-02 14:01:02 +09:00
nntplib.py bpo-39305: Update nntplib to merge nntplib.NNTP and nntplib._NNTPBase (GH-19817) 2020-05-16 19:31:54 +09:00
ntpath.py bpo-43757: Make pathlib use os.path.realpath() to resolve symlinks in a path (GH-25264) 2021-04-28 16:50:17 +01:00
nturl2path.py bpo-43607: Fix urllib handling of Windows paths with \\?\ prefix (GH-25539) 2021-04-23 18:02:47 +01:00
numbers.py bpo-44072: fix Complex, Integral docs for `**` (GH-25986) 2021-05-14 18:01:48 -04:00
opcode.py bpo-44889: Specialize LOAD_METHOD with PEP 659 adaptive interpreter (GH-27722) 2021-08-17 15:55:55 +01:00
operator.py bpo-44558: Match countOf `is`/`==` treatment to c (GH-27007) 2021-07-07 22:28:09 +09:00
optparse.py
os.py bpo-42053: Remove misleading check in os.fwalk() (GH-27669) 2021-08-08 21:04:02 +03:00
pathlib.py bpo-27827: identify a greater range of reserved filename on Windows. (GH-26698) 2021-07-28 16:28:14 +02:00
pdb.py bpo-44682: Handle invalid arg to pdb's "commands" directive (#27252) 2021-07-28 18:55:03 +02:00
pickle.py bpo-43907: add missing memoize call in pure python pickling of bytearray (GH-25501) 2021-04-23 23:27:14 +02:00
pickletools.py
pipes.py Change type check to isinstance in pipes (GH-27291) 2021-07-28 15:38:06 +02:00
pkgutil.py bpo-44061: Fix pkgutil.iter_modules regression when passed a pathlib.Path object (GH-25964) 2021-05-12 00:27:22 +01:00
platform.py platform: Import subprocess in function. (GH-27610) 2021-08-05 14:04:01 +09:00
plistlib.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
poplib.py
posixpath.py bpo-26329: update os.path.normpath documentation (GH-20138) 2021-07-12 09:48:01 -03:00
pprint.py bpo-41546: make pprint (like print) not write to stdout when it is None (GH-26810) 2021-07-19 10:19:02 +01:00
profile.py bpo-42005: profile and cProfile catch BrokenPipeError (GH-22643) 2021-01-20 09:56:21 +01:00
pstats.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
pty.py bpo-26228: [doc] Adapt PTY documentation updates from GH-4167 (GH-27754) 2021-08-13 12:57:07 +02:00
py_compile.py bpo-38731: Add --quiet option to py_compile CLI (GH-17134) 2020-07-25 22:58:45 +03:00
pyclbr.py bpo-40443: Remove unused imports (GH-25429) 2021-04-16 11:26:06 +02:00
pydoc.py bpo-44967: pydoc: return non-zero exit code when query is not found (GH-27868) 2021-08-26 14:22:02 +02:00
queue.py bpo-39481: PEP 585 for a variety of modules (GH-19423) 2020-04-10 07:46:36 -07:00
quopri.py
random.py bpo-40465: Remove random module features deprecated in 3.9 (GH-25874) 2021-05-04 10:55:40 +02:00
re.py bpo-38659: [Enum] add _simple_enum decorator (GH-25497) 2021-04-21 10:20:44 -07:00
reprlib.py
rlcompleter.py bpo-44752: refactor part of rlcompleter.Completer.attr_matches (GH-27433) 2021-07-29 16:01:21 +02:00
runpy.py bpo-41718: runpy now imports pkgutil in functions (GH-24996) 2021-03-23 19:22:57 +01:00
sched.py bpo-19270: Fixed sched.scheduler.cancel to cancel correct event (GH-22729) 2020-10-19 10:33:43 +03:00
secrets.py bpo-40286: Add randbytes() method to random.Random (GH-19527) 2020-04-17 19:05:35 +02:00
selectors.py bpo-41182 selector: use DefaultSelector based upon implementation (GH-21257) 2020-07-22 20:13:37 -07:00
shelve.py bpo-34204: Use pickle.DEFAULT_PROTOCOL in shelve (GH-19639) 2020-10-29 02:44:35 -07:00
shlex.py bpo-33262: Deprecate passing None for `s` to shlex.split() (GH-6514) 2020-04-01 09:58:55 -04:00
shutil.py bpo-33671 fix orphaned comment in shutil.copyfileobj (GH-27516) 2021-07-31 15:15:45 -04:00
signal.py
site.py bpo-43510: Implement PEP 597 opt-in EncodingWarning. (GH-19481) 2021-03-29 12:28:14 +09:00
smtpd.py bpo-44498: Issue a deprecation warning on asynchat, asyncore and smtpd import (#26882) 2021-06-24 12:37:26 -07:00
smtplib.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
sndhdr.py bpo-41043: Escape literal part of the path for glob(). (GH-20994) 2020-06-20 11:10:31 +03:00
socket.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
socketserver.py bpo-37193: Remove thread objects which finished process its request (GH-23127) 2020-12-31 20:19:30 +00:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py Fix typos in multiple files (GH-26689) 2021-06-12 22:47:44 -04:00
stat.py
statistics.py Update nonstandard variable names (GH-26540) 2021-06-04 16:28:31 -07:00
string.py bpo-38208: Simplify string.Template by using __init_subclass__(). (GH-16256) 2019-10-21 09:36:21 +03:00
stringprep.py
struct.py
subprocess.py bpo-44935: enable posix_spawn() on Solaris (GH-27795) 2021-08-17 11:09:48 -07:00
sunau.py
symtable.py bpo-42355: symtable.get_namespace() now checks whether there are multiple or any namespaces found (GH-23278) 2021-07-18 15:56:09 +03:00
sysconfig.py Fix osx_framework_user include to match distutils (#27093) 2021-07-15 11:44:04 +02:00
tabnanny.py
tarfile.py bpo-8978: improve tarfile.open error message when lzma / bz2 are missing (GH-24850) 2021-04-27 10:39:01 -07:00
telnetlib.py Remove unnecessary pass statements (GH-27103) 2021-07-13 15:02:30 +02:00
tempfile.py bpo-4928: Document NamedTemporaryFile non-deletion after SIGKILL (#26198) 2021-05-19 10:21:03 -04:00
textwrap.py bpo-28660: Make TextWrapper break long words on hyphens (GH-22721) 2020-10-18 20:01:15 +03:00
this.py
threading.py bpo-44422: threading.Thread reuses the _delete() method (GH-26741) 2021-06-16 11:41:17 +02:00
timeit.py bpo-40670: More reliable validation of statements in timeit.Timer. (GH-22358) 2020-09-22 16:16:46 +03:00
token.py bpo-43822: Improve syntax errors for missing commas (GH-25377) 2021-04-15 21:38:45 +01:00
tokenize.py Add tests for the C tokenizer and expose it as a private module (GH-27924) 2021-08-24 17:50:05 +01:00
trace.py Fix typo in Lib/trace.py (GH-24309) 2021-02-01 21:16:38 +05:30
traceback.py bpo-43950: support some multi-line expressions for PEP 657 (GH-27339) 2021-07-25 15:01:44 -07:00
tracemalloc.py bpo-37961: Fix regression in tracemalloc.Traceback.__repr__ (GH-23805) 2020-12-16 22:38:32 +01:00
tty.py
turtle.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
types.py bpo-44732: Rename types.Union to types.UnionType (#27342) 2021-07-26 18:00:21 +02:00
typing.py bpo-44524: Don't modify MRO when inheriting from typing.Annotated (GH-27841) 2021-08-25 21:13:59 +03:00
uu.py
uuid.py bpo-38659: [Enum] add _simple_enum decorator (GH-25497) 2021-04-21 10:20:44 -07:00
warnings.py
wave.py
weakref.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
webbrowser.py bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378) 2021-07-27 00:11:55 +02:00
xdrlib.py
zipapp.py
zipfile.py bpo-44129: Add descriptive global variables for general purpose bit flags (GH-26118) 2021-07-03 17:37:57 +03:00
zipimport.py bpo-42135: Deprecate implementations of find_module() and find_loader() (GH-25169) 2021-04-06 08:56:57 -07:00