wouter bolsterlee 989f6a3800 bpo-45001: Make email date parsing more robust against malformed input (GH-27946) ... Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element.		2021-08-26 16:49:03 +02:00
..
mime	Issue #27445: Merge from 3.5	2016-09-08 19:42:11 +03:00
__init__.py	#22508: Drop email __version__ string. It no longer means anything.	2014-10-03 13:02:47 -04:00
_encoded_words.py	bpo-27397: Make email module properly handle invalid-length base64 strings (#7583)	2018-06-12 15:46:22 +03:00
_header_value_parser.py	bpo-39040: Fix parsing of email mime headers with whitespace between encoded-words. (gh-17620)	2020-05-28 20:04:59 -04:00
_parseaddr.py	bpo-45001: Make email date parsing more robust against malformed input (GH-27946)	2021-08-26 16:49:03 +02:00
_policybase.py	[email] bpo-29478: Fix passing max_line_length=None from Compat32 policy (GH-595)	2017-06-11 23:43:41 -07:00
architecture.rst	Fix typos in multiple .rst files (#1668)	2017-05-19 23:37:57 +03:00
base64mime.py	bpo-43125: Fix: return expected type (str), not original value (bytes) in email/base64mime.py::body_encode (GH-24476)	2021-03-30 17:37:37 +09:00
charset.py	bpo-36793: Remove unneeded __str__ definitions. (GH-13081)	2019-05-06 22:29:40 +03:00
contentmanager.py	bpo-41402: Fix email ContentManager calling .encode() on bytes (GH-21631)	2021-08-09 18:45:41 +02:00
encoders.py	#19957: Simplify encode_7or8bit now that _payload is always str.	2013-12-12 21:40:20 -05:00
errors.py	bpo-30681: Support invalid date format or value in email Date header (GH-22090)	2020-10-26 17:31:06 -07:00
feedparser.py	bpo-30835: email: Fix AttributeError when parsing invalid CTE (GH-13598)	2019-06-04 11:00:47 -07:00
generator.py	bpo-27321 Fix email.generator.py to not replace a non-existent header. (GH-18074)	2020-10-19 15:49:19 -07:00
header.py	bpo-27737: Allow whitespace only headers encoding (#13478)	2019-05-22 21:13:16 -04:00
headerregistry.py	Remove comment about a private email.headerregistry (GH-24233)	2021-02-24 17:21:32 -04:00
iterators.py
message.py	bpo-42892: fix email multipart attribute error (GH-26903)	2021-07-30 19:05:49 +02:00
parser.py	Fix infinite loop in email folding logic (GH-12732)	2019-07-16 10:50:01 -07:00
policy.py	bpo-33524: Fix the folding of email header when max_line_length is 0 or None (#13391)	2019-05-17 15:28:44 -04:00
quoprimime.py	bpo-32297: Few misspellings found in Python source code comments. (#4803)	2017-12-14 13:04:53 +02:00
utils.py	bpo-27513: email.utils.getaddresses() now handles Header objects (#13797)	2021-07-19 18:07:54 +02:00