[issue37764] email.Message.as_string infinite loop

Ashwin Ramaswami added the comment: Should we get a CVE for this because this is a security issue? -- ___ Python tracker ___ ___

[issue37764] email.Message.as_string infinite loop

Change by Abhilash Raj : -- resolution: -> fixed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue37764] email.Message.as_string infinite loop

Change by Abhilash Raj : -- stage: patch review -> resolved status: open -> closed ___ Python tracker ___ ___ Python-bugs-list

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: New changeset 6ad0a2c45f78020f7994e47620c1cf7b225f8197 by Abhilash Raj in branch '3.8': [3.8] bpo-37764: Fix infinite loop when parsing unstructured email headers. (GH-15239) (GH-15686)

[issue37764] email.Message.as_string infinite loop

Change by Abhilash Raj : -- pull_requests: +15344 pull_request: https://github.com/python/cpython/pull/15686 ___ Python tracker ___

[issue37764] email.Message.as_string infinite loop

miss-islington added the comment: New changeset ea21389dda401457198fb214aa2c981a45ed9528 by Miss Islington (bot) (Ashwin Ramaswami) in branch '3.7': [3.7] bpo-37764: Fix infinite loop when parsing unstructured email headers. (GH-15239) (GH-15654)

[issue37764] email.Message.as_string infinite loop

Change by Ashwin Ramaswami : -- pull_requests: +15321 pull_request: https://github.com/python/cpython/pull/15654 ___ Python tracker ___

[issue37764] email.Message.as_string infinite loop

miss-islington added the comment: New changeset c5b242f87f31286ad38991bc3868cf4cfbf2b681 by Miss Islington (bot) (Ashwin Ramaswami) in branch 'master': bpo-37764: Fix infinite loop when parsing unstructured email headers. (GH-15239)

[issue37764] email.Message.as_string infinite loop

Ashwin Ramaswami added the comment: Thanks, I've fixed the first case as you suggested. I found an example of the 2nd case -- '=?utf-8?q?=somevalue?=' -- which causes the method to hang. I've added a fix, though I'm not sure if it treats the string properly -- it parses it as

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: Although, the 2nd bug I spoke of is kind of speculative, I haven't been able to find a test case which matches rfc2047_matcher but raises exception with get_encoded_word (after, ofcourse, the first bug is fixed), which the only way to cause an infinite loop.

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: I meant, =aa is identified as encoded word escape -- ___ Python tracker ___ ___ Python-bugs-list

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: You have correctly identified that "=aa" is detected as a encoded word and causes the get_encoded_word to fail. However, "=?utf-8?q?somevalue?=aa" should ideally get parsed as "somevalueaa" and not "=?utf-8?q?somevalue?=aa". This is because

[issue37764] email.Message.as_string infinite loop

Change by Ashwin Ramaswami : -- versions: +Python 3.9 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue37764] email.Message.as_string infinite loop

Ashwin Ramaswami added the comment: Oh, both the Travis links I sent actually ended up reproducing the bug. I've made a PR that fixes with an even smaller test case: get_unstructured('=?utf-8?q?somevalue?=aa') It looks like this is caused because "aa" is thought to be an encoded word

[issue37764] email.Message.as_string infinite loop

Change by Ashwin Ramaswami : -- keywords: +patch pull_requests: +14960 stage: -> patch review pull_request: https://github.com/python/cpython/pull/15239 ___ Python tracker

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: Adding security label since this can cause DOS. -- type: -> security ___ Python tracker ___ ___

[issue37764] email.Message.as_string infinite loop

Change by Abhilash Raj : -- versions: +Python 3.8 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue37764] email.Message.as_string infinite loop

Abhilash Raj added the comment: This does look like a side-effect of the commit mentioned by mytran. The issues seems to be that email._header_value_parser.get_unstructured wrongfully assumes that anything leading with '=?' would be a valid rfc 2047 encoded word. This is a smaller test

[issue37764] email.Message.as_string infinite loop

My Tran added the comment: I looked at the job at https://travis-ci.com/epicfaace/cpython/jobs/223345147 and its running py3.6. -- ___ Python tracker ___

[issue37764] email.Message.as_string infinite loop

My Tran added the comment: Reproduced on 3.7.4 Looks like this started happening after this commit: https://github.com/python/cpython/commit/dc20fc4311dece19488299a7cd11317ffbe4d3c3#diff-19171ae20182f6759204a3436475ddd1 -- ___ Python tracker

[issue37764] email.Message.as_string infinite loop

Ashwin Ramaswami added the comment: I also can't reproduce this on 3.7: https://github.com/epicfaace/cpython/runs/188005822 -- ___ Python tracker ___

[issue37764] email.Message.as_string infinite loop

Ashwin Ramaswami added the comment: I can't reproduce this on 3.9: https://github.com/epicfaace/cpython/runs/187997615 -- nosy: +epicfaace ___ Python tracker ___

[issue37764] email.Message.as_string infinite loop

Change by Karthikeyan Singaravelan : -- nosy: +maxking ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue37764] email.Message.as_string infinite loop

New submission from My Tran : The following will hang the system until it runs out of memory. import email import email.policy text = """From: u...@host.com To: u...@host.com Bad-Header: =?us-ascii?Q?LCSwrV11+IB0rSbSker+M9vWR7wEDSuGqmHD89Gt=ea0nJFSaiz4vX3XMJPT4vrE?=