Commit a4a994bd authored by Abhilash Raj's avatar Abhilash Raj Committed by Barry Warsaw

bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)

* bpo-37461: Fix infinite loop in parsing of specially crafted email headers.

Some crafted email headers would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
parent 82494aa6
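As an added example, not CPython's own `email._header_value_parser` code: a simplified Python model of the `get_parameter` inner loop this commit patches. `get_fws`, `get_qcontent`, `scan_quoted_value` and `would_hang` are constructed stand-ins (the real `get_qcontent` additionally validates printable text and returns `ValueTerminal` tokens), and the sample strings are constructed. It shows why a scanner that can return an empty token without consuming any input turns one stray DQUOTE into an unbounded loop, and adds the progress guard a practitioner would want in any such tokenizer loop so the failure surfaces as an exception rather than a hang.

```python
# Added example, not CPython's email._header_value_parser: a simplified model
# of the get_parameter inner loop fixed in this commit.  The helper names
# (get_fws, get_qcontent, scan_quoted_value, would_hang) and the inputs below
# are constructed for illustration.
WSP = frozenset(" \t")
DQUOTE = '"'


class NoProgressError(RuntimeError):
    """Raised when one loop iteration consumes nothing from the input."""


def get_fws(value):
    """Consume leading folding whitespace (simplified: spaces and tabs only)."""
    i = 0
    while i < len(value) and value[i] in WSP:
        i += 1
    return value[:i], value[i:]


def get_qcontent(value):
    """Consume qcontent up to, but not including, the next DQUOTE.

    A backslash starts a quoted-pair, so an escaped DQUOTE is ordinary content.
    A value that *starts* with a DQUOTE yields an empty token and the input
    unchanged; that is exactly the case the calling loop has to handle.
    """
    i = 0
    while i < len(value) and value[i] != DQUOTE:
        i += 2 if value[i] == "\\" and i + 1 < len(value) else 1
    return value[:i], value[i:]


def scan_quoted_value(value, handle_dquote=True):
    """Mirror of the get_parameter loop that treats the rest of the value as
    bare-quoted-string content.

    handle_dquote=True  -> the patched loop (a stray DQUOTE becomes a token).
    handle_dquote=False -> the pre-patch loop.  Instead of spinning forever, a
    progress guard raises NoProgressError so the failure mode is observable.
    """
    tokens = []
    while value:
        remaining = len(value)
        if value[0] in WSP:
            token, value = get_fws(value)
        elif handle_dquote and value[0] == DQUOTE:
            token, value = DQUOTE, value[1:]   # the fix: consume the DQUOTE
        else:
            token, value = get_qcontent(value)
        if len(value) == remaining:
            # Nothing was consumed: the next iteration would see the same
            # input, so without this guard the loop could never terminate.
            raise NoProgressError(f"scanner made no progress at {value[:10]!r}")
        tokens.append(token)
    return tokens


def would_hang(value):
    """True if the pre-patch loop would never terminate on this input."""
    try:
        scan_quoted_value(value, handle_dquote=False)
    except NoProgressError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: an escaped quote (harmless either way) and a stray
    # unescaped DQUOTE (hangs the pre-patch loop, tokenised by the patched one).
    for sample in ['a\\"b', 'abc"def', DQUOTE]:
        print(f"{sample!r:12} pre-patch hangs: {would_hang(sample)!s:5} "
              f"patched tokens: {scan_quoted_value(sample)}")
```

The guard compares the remaining length before and after each branch; that is cheaper and more robust than counting iterations, because it catches any future branch that forgets to consume input, not just this DQUOTE case.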
...@@ -2496,6 +2496,9 @@ def get_parameter(value): ...@@ -2496,6 +2496,9 @@ def get_parameter(value):
while value: while value:
if value[0] in WSP: if value[0] in WSP:
token, value = get_fws(value) token, value = get_fws(value)
elif value[0] == '"':
token = ValueTerminal('"', 'DQUOTE')
value = value[1:]
else: else:
token, value = get_qcontent(value) token, value = get_qcontent(value)
v.append(token) v.append(token)
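Review bot: the new `elif value[0] == '"'` branch is what restores progress in this loop: the commit message says a DQUOTE previously spun the loop forever, which means the `get_qcontent` fallback returned without consuming it, so every iteration saw the same `value`. A one-line comment above the branch stating that (e.g. `# get_qcontent stops at DQUOTE without consuming it`) would stop a future refactor from folding it back into the `else`. Note also that the stray DQUOTE is appended to `v` as a plain `DQUOTE` ValueTerminal with no defect recorded in this hunk, so it is worth confirming that the caller reports it (the accompanying test expects two `InvalidHeaderDefect`s).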
...@@ -2710,6 +2710,13 @@ class Test_parse_mime_parameters(TestParserMixin, TestEmailBase): ...@@ -2710,6 +2710,13 @@ class Test_parse_mime_parameters(TestParserMixin, TestEmailBase):
# Defects are apparent missing *0*, and two 'out of sequence'. # Defects are apparent missing *0*, and two 'out of sequence'.
[errors.InvalidHeaderDefect]*3), [errors.InvalidHeaderDefect]*3),
# bpo-37461: Check that we don't go into an infinite loop.
'extra_dquote': (
'r*="\'a\'\\"',
' r="\\""',
'r*=\'a\'"',
[('r', '"')],
[errors.InvalidHeaderDefect]*2),
} }
@parameterize @parameterize
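Review bot: the `extra_dquote` case checks the outcome (`[('r', '"')]` plus two `InvalidHeaderDefect`s), but a regression of bpo-37461 would show up as a hung test run rather than an assertion failure, since an infinite loop never returns a value to compare; the comment should say so, or the case should run under a timeout, so whoever sees a stalled CI job knows where to look. It would also help to spell out in the comment that the literal `'r*="\'a\'\\"'` is the header text `r*="'a'\"`, where the escaped quote keeps the bare quoted string open and leaves the DQUOTE for the loop to handle.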
Fix an infinite loop when parsing specially crafted email headers. Patch by
Abhilash Raj.