diff options
author | Florian Apolloner <florian@apolloner.eu> | 2020-07-15 07:30:15 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-20 07:10:40 +0200 |
commit | 96a3ea39ef0790dbc413dde0a3e19f6a769356a2 (patch) | |
tree | a80ec8e04d1466cfc3316f49354dbac4f4047681 /tests/mail | |
parent | f405954ea24dcce7ed01e488a0778be7e441b757 (diff) | |
download | django-96a3ea39ef0790dbc413dde0a3e19f6a769356a2.tar.gz |
Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Fixed sending emails crash on email addresses with display names longer
then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+.
Wrapped display names were passed to email.headerregistry.Address()
what caused raising an exception because address parts cannot contain
CR or LF.
See https://bugs.python.org/issue39073
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'tests/mail')
-rw-r--r-- | tests/mail/tests.py | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/tests/mail/tests.py b/tests/mail/tests.py index 72c22ad341..3046fc011d 100644 --- a/tests/mail/tests.py +++ b/tests/mail/tests.py @@ -738,14 +738,14 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): ( ('A name', 'to@example.com'), 'utf-8', - '=?utf-8?q?A_name?= <to@example.com>', + 'A name <to@example.com>', ), ('localpartonly', 'ascii', 'localpartonly'), # ASCII addresses with display names. ('A name <to@example.com>', 'ascii', 'A name <to@example.com>'), - ('A name <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'), + ('A name <to@example.com>', 'utf-8', 'A name <to@example.com>'), ('"A name" <to@example.com>', 'ascii', 'A name <to@example.com>'), - ('"A name" <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'), + ('"A name" <to@example.com>', 'utf-8', 'A name <to@example.com>'), # Unicode addresses (supported per RFC-6532). ('tó@example.com', 'utf-8', '=?utf-8?b?dMOz?=@example.com'), ('to@éxample.com', 'utf-8', 'to@xn--xample-9ua.com'), @@ -764,20 +764,45 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): ( 'To Example <to@éxample.com>', 'utf-8', - '=?utf-8?q?To_Example?= <to@xn--xample-9ua.com>', + 'To Example <to@xn--xample-9ua.com>', ), # Addresses with two @ signs. ('"to@other.com"@example.com', 'utf-8', r'"to@other.com"@example.com'), ( '"to@other.com" <to@example.com>', 'utf-8', - '=?utf-8?q?to=40other=2Ecom?= <to@example.com>', + '"to@other.com" <to@example.com>', ), ( ('To Example', 'to@other.com@example.com'), 'utf-8', - '=?utf-8?q?To_Example?= <"to@other.com"@example.com>', + 'To Example <"to@other.com"@example.com>', + ), + # Addresses with long unicode display names. + ( + 'Tó Example very long' * 4 + ' <to@example.com>', + 'utf-8', + '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT' + '=C3=B3_Example_?=\n' + ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= ' + '<to@example.com>', + ), + ( + ('Tó Example very long' * 4, 'to@example.com'), + 'utf-8', + '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT' + '=C3=B3_Example_?=\n' + ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= ' + '<to@example.com>', ), + # Address with long display name and unicode domain. + ( + ('To Example very long' * 4, 'to@exampl€.com'), + 'utf-8', + 'To Example very longTo Example very longTo Example very longT' + 'o Example very\n' + ' long <to@xn--exampl-nc1c.com>' + ) ): with self.subTest(email_address=email_address, encoding=encoding): self.assertEqual(sanitize_address(email_address, encoding), expected_result) @@ -797,6 +822,19 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): with self.assertRaises(ValueError): sanitize_address(email_address, encoding='utf-8') + def test_sanitize_address_header_injection(self): + msg = 'Invalid address; address parts cannot contain newlines.' + tests = [ + 'Name\nInjection <to@example.com>', + ('Name\nInjection', 'to@xample.com'), + 'Name <to\ninjection@example.com>', + ('Name', 'to\ninjection@example.com'), + ] + for email_address in tests: + with self.subTest(email_address=email_address): + with self.assertRaisesMessage(ValueError, msg): + sanitize_address(email_address, encoding='utf-8') + @requires_tz_support class MailTimeZoneTests(SimpleTestCase): |