Message 341362 - Python tracker

Message341362

Author	jpic
Recipients	Dain Dwarf, Windson Yang, barry, bortzmeyer, cnicodeme, jpic, kal.sze, msapiro, ned.deily, nicoe, r.david.murray, vstinner, xtreak
Date	2019-05-03.23:57:58
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAC6Op19ABTAPENh6P=PsXAPfdPxBV8a921HvunPvh1OGHhJ_bA@mail.gmail.com>
In-reply-to	<1556918863.35.0.261968400893.issue34155@roundup.psfhosted.org>

Content
I haven't found this specific case in an RFC, but checked Go's net/mail library behavior and it just considers it broken: $ cat mail.go package main import "fmt" import "net/mail" func main() { fmt.Println((&mail.AddressParser{}).Parse("a@example.com")) fmt.Println((&mail.AddressParser{}).Parse("a@malicious.org@example.com ")) } $ go run mail.go <a@example.com> <nil> <nil> mail: expected single address, got "@example.com" That would fix the security issue but not the whole ticket.

Content

I haven't found this specific case in an RFC, but checked Go's net/mail
library behavior and it just considers it broken:

$ cat mail.go
package main
import "fmt"
import "net/mail"
func main() {
    fmt.Println((&mail.AddressParser{}).Parse("a@example.com"))
    fmt.Println((&mail.AddressParser{}).Parse("a@malicious.org@example.com
"))
}

$ go run mail.go
<a@example.com> <nil>
<nil> mail: expected single address, got "@example.com"

That would fix the security issue but not the whole ticket.

History
Date	User	Action	Args
2019-05-03 23:57:59	jpic	set	recipients: + jpic, barry, vstinner, msapiro, ned.deily, r.david.murray, nicoe, kal.sze, Windson Yang, xtreak, cnicodeme, bortzmeyer, Dain Dwarf
2019-05-03 23:57:59	jpic	link	issue34155 messages
2019-05-03 23:57:58	jpic	create