Message342415
The code in the attached parse_bug.py file when run with Python 3.5, 3.6 or 3.7 throws AttributeError with this traceback:
```
Traceback (most recent call last):
File "parse_bug.py", line 9, in <module>
""")
File "/usr/local/lib/python3.7/email/parser.py", line 124, in parsebytes
return self.parser.parsestr(text, headersonly)
File "/usr/local/lib/python3.7/email/parser.py", line 68, in parsestr
return self.parse(StringIO(text), headersonly=headersonly)
File "/usr/local/lib/python3.7/email/parser.py", line 58, in parse
return feedparser.close()
File "/usr/local/lib/python3.7/email/feedparser.py", line 187, in close
self._call_parse()
File "/usr/local/lib/python3.7/email/feedparser.py", line 180, in _call_parse
self._parse()
File "/usr/local/lib/python3.7/email/feedparser.py", line 323, in _parsegen
if (self._cur.get('content-transfer-encoding', '8bit').lower()
AttributeError: 'Header' object has no attribute 'lower'
```
The triggering condition appears to be the Content-Transfer-Encoding: header with a non-ascii character in the headers of a multipart part.
The parser should probably throw email.errors.HeaderParseError with a MalformedHeaderDefect in this case rather than AttributeError.
While arguably code should defend against unanticipated exceptions, the fact that such an exception can be thrown while parsing an arbitrary message could be considered a security issue. |
|
Date |
User |
Action |
Args |
2019-05-14 01:48:39 | msapiro | set | recipients:
+ msapiro, barry, r.david.murray |
2019-05-14 01:48:39 | msapiro | set | messageid: <1557798519.08.0.310106320232.issue36910@roundup.psfhosted.org> |
2019-05-14 01:48:39 | msapiro | link | issue36910 messages |
2019-05-14 01:48:38 | msapiro | create | |
|