This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author maxking
Recipients Dain Dwarf, Windson Yang, barry, bortzmeyer, cnicodeme, jpic, kal.sze, maxking, msapiro, ned.deily, nicoe, r.david.murray, vstinner, xtreak
Date 2019-05-31.06:26:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1559283982.86.0.259349738436.issue34155@roundup.psfhosted.org>
In-reply-to
Content
How about we go a slightly different route than suggested by jpic and instead of returning a None value, we return the entire rest of the string as the domain? That would take care of the security issue since it won't be a valid domain anymore.


     msg = email.message_from_string(
        'From: SomeAbhilashRaj <abhilash@malicious.org@important.com>',    
        policy=email.policy.default)
     print(msg['From'].addresses)
     print(msg['From'].defects)

     (Address(display_name='SomeAbhilashRaj', username='abhilash', domain='malicious.org@important.com>'),)
     (InvalidHeaderDefect('invalid address in address-list'), InvalidHeaderDefect("missing trailing '>' on angle-addr"),  InvalidHeaderDefect("unpected '@' in domain"), ObsoleteHeaderDefect("period in 'phrase'"))


This lets us do postel-style error recovery while working in RFC 2822 style grammar. 

I wrote this patch to achieve this:


@@ -1573,6 +1574,11 @@ def get_domain(value):
             domain.append(DOT)
             token, value = get_atom(value[1:])
             domain.append(token)
+    if value and value[0] == '@':
+        domain.defects.append(errors.InvalidHeaderDefect(
+            "unpected '@' in domain"))
+        token = get_unstructured(value)
+        domain.append(token)
     return domain, value

Does this makes sense?
History
Date User Action Args
2019-05-31 06:26:22maxkingsetrecipients: + maxking, barry, vstinner, msapiro, ned.deily, r.david.murray, nicoe, kal.sze, Windson Yang, xtreak, cnicodeme, bortzmeyer, jpic, Dain Dwarf
2019-05-31 06:26:22maxkingsetmessageid: <1559283982.86.0.259349738436.issue34155@roundup.psfhosted.org>
2019-05-31 06:26:22maxkinglinkissue34155 messages
2019-05-31 06:26:22maxkingcreate