Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.

Fixed sending emails crash on email addresses with display names longer then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+. Wrapped display names were passed to email.headerregistry.Address() what caused raising an exception because address parts cannot contain CR or LF. See https://bugs.python.org/issue39073 Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
author: Florian Apolloner <florian@apolloner.eu> 2020-07-15 07:30:15 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-07-20 07:10:40 +0200
commit: 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 (patch)
tree: a80ec8e04d1466cfc3316f49354dbac4f4047681 /tests/mail
parent: f405954ea24dcce7ed01e488a0778be7e441b757 (diff)
download: django-96a3ea39ef0790dbc413dde0a3e19f6a769356a2.tar.gz
1 files changed, 44 insertions, 6 deletions
diff --git a/tests/mail/tests.py b/tests/mail/tests.py
index 72c22ad341..3046fc011d 100644
--- a/tests/mail/tests.py
+++ b/tests/mail/tests.py
@@ -738,14 +738,14 @@ class MailTests(HeadersCheckMixin, SimpleTestCase):
             (
                 ('A name', 'to@example.com'),
                 'utf-8',
-                '=?utf-8?q?A_name?= <to@example.com>',
+                'A name <to@example.com>',
             ),
             ('localpartonly', 'ascii', 'localpartonly'),
             # ASCII addresses with display names.
             ('A name <to@example.com>', 'ascii', 'A name <to@example.com>'),
-            ('A name <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'),
+            ('A name <to@example.com>', 'utf-8', 'A name <to@example.com>'),
             ('"A name" <to@example.com>', 'ascii', 'A name <to@example.com>'),
-            ('"A name" <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'),
+            ('"A name" <to@example.com>', 'utf-8', 'A name <to@example.com>'),
             # Unicode addresses (supported per RFC-6532).
             ('tó@example.com', 'utf-8', '=?utf-8?b?dMOz?=@example.com'),
             ('to@éxample.com', 'utf-8', 'to@xn--xample-9ua.com'),
@@ -764,20 +764,45 @@ class MailTests(HeadersCheckMixin, SimpleTestCase):
             (
                 'To Example <to@éxample.com>',
                 'utf-8',
-                '=?utf-8?q?To_Example?= <to@xn--xample-9ua.com>',
+                'To Example <to@xn--xample-9ua.com>',
             ),
             # Addresses with two @ signs.
             ('"to@other.com"@example.com', 'utf-8', r'"to@other.com"@example.com'),
             (
                 '"to@other.com" <to@example.com>',
                 'utf-8',
-                '=?utf-8?q?to=40other=2Ecom?= <to@example.com>',
+                '"to@other.com" <to@example.com>',
             ),
             (
                 ('To Example', 'to@other.com@example.com'),
                 'utf-8',
-                '=?utf-8?q?To_Example?= <"to@other.com"@example.com>',
+                'To Example <"to@other.com"@example.com>',
+            ),
+            # Addresses with long unicode display names.
+            (
+                'Tó Example very long' * 4 + ' <to@example.com>',
+                'utf-8',
+                '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT'
+                '=C3=B3_Example_?=\n'
+                ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= '
+                '<to@example.com>',
+            ),
+            (
+                ('Tó Example very long' * 4, 'to@example.com'),
+                'utf-8',
+                '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT'
+                '=C3=B3_Example_?=\n'
+                ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= '
+                '<to@example.com>',
             ),
+            # Address with long display name and unicode domain.
+            (
+                ('To Example very long' * 4, 'to@exampl€.com'),
+                'utf-8',
+                'To Example very longTo Example very longTo Example very longT'
+                'o Example very\n'
+                ' long <to@xn--exampl-nc1c.com>'
+            )
         ):
             with self.subTest(email_address=email_address, encoding=encoding):
                 self.assertEqual(sanitize_address(email_address, encoding), expected_result)
@@ -797,6 +822,19 @@ class MailTests(HeadersCheckMixin, SimpleTestCase):
                 with self.assertRaises(ValueError):
                     sanitize_address(email_address, encoding='utf-8')
 
+    def test_sanitize_address_header_injection(self):
+        msg = 'Invalid address; address parts cannot contain newlines.'
+        tests = [
+            'Name\nInjection <to@example.com>',
+            ('Name\nInjection', 'to@xample.com'),
+            'Name <to\ninjection@example.com>',
+            ('Name', 'to\ninjection@example.com'),
+        ]
+        for email_address in tests:
+            with self.subTest(email_address=email_address):
+                with self.assertRaisesMessage(ValueError, msg):
+                    sanitize_address(email_address, encoding='utf-8')
+
 
 @requires_tz_support
 class MailTimeZoneTests(SimpleTestCase):
author	Florian Apolloner <florian@apolloner.eu>	2020-07-15 07:30:15 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-07-20 07:10:40 +0200
commit	96a3ea39ef0790dbc413dde0a3e19f6a769356a2 (patch)
tree	a80ec8e04d1466cfc3316f49354dbac4f4047681 /tests/mail
parent	f405954ea24dcce7ed01e488a0778be7e441b757 (diff)
download	django-96a3ea39ef0790dbc413dde0a3e19f6a769356a2.tar.gz