[New-bugs-announce] [issue36910] Certain Malformed email causes email.parser to throw AttributeError

Mark Sapiro report at bugs.python.org
Mon May 13 21:48:39 EDT 2019 

New submission from Mark Sapiro <mark at msapiro.net>:

The code in the attached parse_bug.py file when run with Python 3.5, 3.6 or 3.7 throws AttributeError with this traceback:

```
Traceback (most recent call last):
  File "parse_bug.py", line 9, in <module>
    """)
  File "/usr/local/lib/python3.7/email/parser.py", line 124, in parsebytes
    return self.parser.parsestr(text, headersonly)
  File "/usr/local/lib/python3.7/email/parser.py", line 68, in parsestr
    return self.parse(StringIO(text), headersonly=headersonly)
  File "/usr/local/lib/python3.7/email/parser.py", line 58, in parse
    return feedparser.close()
  File "/usr/local/lib/python3.7/email/feedparser.py", line 187, in close
    self._call_parse()
  File "/usr/local/lib/python3.7/email/feedparser.py", line 180, in _call_parse
    self._parse()
  File "/usr/local/lib/python3.7/email/feedparser.py", line 323, in _parsegen
    if (self._cur.get('content-transfer-encoding', '8bit').lower()
AttributeError: 'Header' object has no attribute 'lower'
```

The triggering condition appears to be the Content-Transfer-Encoding: header with a non-ascii character in the headers of a multipart part.

The parser should probably throw email.errors.HeaderParseError with a MalformedHeaderDefect in this case rather than AttributeError.

While arguably code should defend against unanticipated exceptions, the fact that such an exception can be thrown while parsing an arbitrary message could be considered a security issue.

----------
components: email
files: parse_bug.py
messages: 342415
nosy: barry, msapiro, r.david.murray
priority: normal
severity: normal
status: open
title: Certain Malformed email causes email.parser to throw AttributeError
type: behavior
versions: Python 3.5, Python 3.6, Python 3.7
Added file: https://bugs.python.org/file48330/parse_bug.py

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36910>
_______________________________________

More information about the New-bugs-announce mailing list