Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / a4a994bd3e619cbaff97610a1cee8ffa87c672f5
commita4a994bd3e619cbaff97610a1cee8ffa87c672f5[log] [tgz]
authorAbhilash Raj <maxking@users.noreply.github.com>Wed Jul 17 09:44:27 2019 -0700
committerBarry Warsaw <barry@python.org>Wed Jul 17 09:44:27 2019 -0700
tree6aee3d24c4a984481adf2921c31108635b0857ce
parent82494aa6d947c4a320c09c58fe0f100cdcf7af0b [diff]
bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)

* bpo-37461: Fix infinite loop in parsing of specially crafted email headers.

Some crafted email header would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
3 files changed
tree: 6aee3d24c4a984481adf2921c31108635b0857ce
  1. .azure-pipelines/
  2. .github/
  3. Doc/
  4. Grammar/
  5. Include/
  6. Lib/
  7. m4/
  8. Mac/
  9. Misc/
  10. Modules/
  11. Objects/
  12. Parser/
  13. PC/
  14. PCbuild/
  15. Programs/
  16. Python/
  17. Tools/
  18. .gitattributes
  19. .gitignore
  20. .travis.yml
  21. aclocal.m4
  22. CODE_OF_CONDUCT.md
  23. config.guess
  24. config.sub
  25. configure
  26. configure.ac
  27. install-sh
  28. LICENSE
  29. Makefile.pre.in
  30. pyconfig.h.in
  31. README.rst
  32. setup.py