Issue 34591: smtplib mixes RFC821 and RFC822 addresses

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/78772

classification

Title:	smtplib mixes RFC821 and RFC822 addresses
Type:	security	Stage:
Components:	Library (Lib)	Versions:

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	Manjusaka, daurnimator, epicfaace
Priority:	normal	Keywords:

Created on 2018-09-05 20:41 by daurnimator, last changed 2022-04-11 14:59 by admin.

Messages (4)
msg324653 - (view)	Author: Daurnimator (daurnimator)	Date: 2018-09-05 20:41
smtplib.sendmsg is documented to take RFC822 addresses. and e.g. if the `to_addrs` argument isn't provided then it gets the To address directly from the headers (which is in RFC822 form). However it then proceeds to use it as an RFC821 address and sends it over the SMTP connection. https://github.com/python/cpython/blob/874809ea389e6434787e773a6054a08e0b81f734/Lib/smtplib.py#L542
msg364200 - (view)	Author: Ashwin Ramaswami (epicfaace) *	Date: 2020-03-14 21:57
What do you mean by "it then proceeds to use it as an RFC821 address"?
msg364220 - (view)	Author: Daurnimator (daurnimator)	Date: 2020-03-15 05:43
On Sun, 15 Mar 2020 at 08:58, Ashwin Ramaswami <report@bugs.python.org> wrote: > What do you mean by "it then proceeds to use it as an RFC821 address"? It writes it into an SMTP command as if it was an RFC821 address. This is a problem because not all RFC822 addresses are valid RFC821 addresses.
msg364869 - (view)	Author: Manjusaka (Manjusaka) *	Date: 2020-03-23 18:01
> This is a problem because not all RFC822 addresses are valid RFC821 addresses. Do you mean that we would add a verification before we send the command?