Bugs item #1595045, was opened at 2006-11-12 13:14 Message generated for change (Comment added) made by gbrandl You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Python Library Group: Python 2.4 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Avi Kivity (avik) Assigned to: Nobody/Anonymous (nobody) Summary: smtplib.SMTP.sendmail() does not provide transparency Initial Comment: If the msg parameter to smtplib.SMTP.sendmail() contains a '\r\n.\r\n', the message will be terminated. This will surprise most users, as smtplib should encapsulate the various protocol details rather than expose them. It's also a potential security hole. If user-supplied data is passed as msg, then the user may be able to inject SMTP commands by placing them after a '\r\n.\r\n'. A workaround is to mutilate msg before passing it to smtplib. ---------------------------------------------------------------------- >Comment By: Georg Brandl (gbrandl) Date: 2006-11-12 22:07 Message: Logged In: YES user_id=849994 As there were almost no changes in smtplib between 2.4 and 2.5, I think that 2.5 is enough, if someone backports it to 2.4, he can adapt if necessary. ---------------------------------------------------------------------- Comment By: Avi Kivity (avik) Date: 2006-11-12 22:00 Message: Logged In: YES user_id=539971 Yes. Do I need to submit it against 2.4 or 2.5, or both? ---------------------------------------------------------------------- Comment By: Martin v. Löwis (loewis) Date: 2006-11-12 21:56 Message: Logged In: YES user_id=21627 Would you like to contribute a patch to fix this problem? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470 _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
