[ python-Bugs-1595045 ] smtplib.SMTP.sendmail() does not provide transparency
SourceForge.net
noreply at sourceforge.net
Sun Nov 12 14:14:19 CET 2006
Bugs item #1595045, was opened at 2006-11-12 15:14
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Avi Kivity (avik)
Assigned to: Nobody/Anonymous (nobody)
Summary: smtplib.SMTP.sendmail() does not provide transparency
Initial Comment:
If the msg parameter to smtplib.SMTP.sendmail()
contains a '\r\n.\r\n', the message will be
terminated. This will surprise most users, as
smtplib should encapsulate the various protocol
details rather than expose them.
It's also a potential security hole. If
user-supplied data is passed as msg, then the user
may be able to inject SMTP commands by placing them
after a '\r\n.\r\n'.
A workaround is to mutilate msg before passing it to
smtplib.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470
More information about the Python-bugs-list
mailing list