parse_message_id in email module is very buggy / crashy #82889
email module has recently got parse_message_id which is more strict now, than before. However, it's not programmed as defensively as expected. Given bogus message-id, it crashes with unbound local variable, or like accessing a non-existing index.

So hyperkitty had a Message-ID "X"*260 in the testsuite that used to pass with 3.7, but fails with 3.8.

    ======================================================================
    Traceback (most recent call last):
      File "./hyperkitty/tests/lib/test_incoming.py", line 295, in test_long_message_id
        msg["Message-ID"] = "X" * 260
      File "/usr/lib/python3.8/email/message.py", line 409, in __setitem__
        self._headers.append(self.policy.header_store_parse(name, val))
      File "/usr/lib/python3.8/email/policy.py", line 148, in header_store_parse
        return (name, self.header_factory(name, value))
      File "/usr/lib/python3.8/email/headerregistry.py", line 602, in __call__
        return self[name](name, value)
      File "/usr/lib/python3.8/email/headerregistry.py", line 197, in __new__
        cls.parse(value, kwds)
      File "/usr/lib/python3.8/email/headerregistry.py", line 530, in parse
        kwds['parse_tree'] = parse_tree = cls.value_parser(value)
      File "/usr/lib/python3.8/email/_header_value_parser.py", line 2116, in parse_message_id
        message_id.append(token)
    UnboundLocalError: local variable 'token' referenced before assignment

Similarly another user, surkova reports that value[0] in get_msg_id function is buggy too (doesn't check that value has a member)

First reported #13397 (comment)

Ideally, I'd like the function to raise a documented Exception for invalid Message-id, but not fail with what look like regular programming bugs in the email module. Expectation is that email module is either more permissive or is coded more defence-in-depth with more checking in place.

This seems to be the same as bpo-38698.

Yes, bpo-38698 covers the UnboundLocalError, but doesn't cover inside get_msg_id there is also this gem:

    def get_msg_id(value):
        msg_id = MsgID()
        if value[0] in CFWS_LEADER:

It should test value before accessing value[0] like it is done in other places, ie.:

    if value and value[0] in CFWS_LEADER:

or indent the whole block to iterate over value with:

    while value:
        ...

which also tests that value has [0] index. I guess I want to repurpose this issue for the value[0] indexerror in get_msg_id().

Closing this as fixed.
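
An added example, not part of the original thread or of CPython's code: a small regression harness that separates documented email errors from programming-error crashes, which is the distinction the report asks the parser to honour. `classify`, `fragile_get_msg_id` and `guarded_get_msg_id` are hypothetical names, and the two toy parsers are simplified stand-ins for the `value[0]` pattern quoted above, not the stdlib function.

```python
import email.errors
from email import policy

CFWS_LEADER = set(" \t(")  # simplified stand-in, constructed for this example


def fragile_get_msg_id(value):
    """Toy parser using the unguarded value[0] pattern quoted in the thread."""
    if value[0] in CFWS_LEADER:            # IndexError when value is empty
        value = value.lstrip(" \t")
    if not value.startswith("<"):
        raise email.errors.HeaderParseError("expected msg-id")
    return value


def guarded_get_msg_id(value):
    """Same toy parser with the 'if value and value[0]' guard suggested above."""
    if value and value[0] in CFWS_LEADER:
        value = value.lstrip(" \t")
    if not value.startswith("<"):
        raise email.errors.HeaderParseError("expected msg-id")
    return value


def classify(value, parse=None):
    """Return (status, detail) for one candidate Message-ID value."""
    if parse is None:
        # Real stdlib path: the header factory call seen in the traceback.
        def parse(v):
            return policy.default.header_factory("Message-ID", v)
    try:
        header = parse(value)
    except email.errors.MessageError as exc:   # documented email error
        return ("rejected", type(exc).__name__)
    except Exception as exc:                    # IndexError, UnboundLocalError, ...
        return ("crash", type(exc).__name__)
    defects = [type(d).__name__ for d in getattr(header, "defects", ())]
    return ("defects", ",".join(defects)) if defects else ("parsed", "")


if __name__ == "__main__":
    samples = ["X" * 260, "", "<id@example.invalid>"]   # constructed inputs
    for label, parser in [("stdlib", None), ("fragile", fragile_get_msg_id),
                          ("guarded", guarded_get_msg_id)]:
        for s in samples:
            print(label, repr(s[:20]), classify(s, parser))
```

Any `crash` row from the stdlib parser on the running interpreter is the class of failure this issue reports; `rejected` and `defects` are the documented outcomes.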