bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)

* bpo-37461: Fix infinite loop in parsing of specially crafted email headers.

Some crafted email header would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
This commit is contained in:
Abhilash Raj 2019-07-17 09:44:27 -07:00 committed by Barry Warsaw
parent 82494aa6d9
commit a4a994bd3e
3 changed files with 12 additions and 0 deletions

View File

@ -2496,6 +2496,9 @@ def get_parameter(value):
while value:
if value[0] in WSP:
token, value = get_fws(value)
elif value[0] == '"':
token = ValueTerminal('"', 'DQUOTE')
value = value[1:]
else:
token, value = get_qcontent(value)
v.append(token)

View File

@ -2710,6 +2710,13 @@ class Test_parse_mime_parameters(TestParserMixin, TestEmailBase):
# Defects are apparent missing *0*, and two 'out of sequence'.
[errors.InvalidHeaderDefect]*3),
# bpo-37461: Check that we don't go into an infinite loop.
'extra_dquote': (
'r*="\'a\'\\"',
' r="\\""',
'r*=\'a\'"',
[('r', '"')],
[errors.InvalidHeaderDefect]*2),
}
@parameterize

View File

@ -0,0 +1,2 @@
Fix an inifite loop when parsing specially crafted email headers. Patch by
Abhilash Raj.