[ python-Bugs-1595045 ] smtplib.SMTP.sendmail() does not provide transparency
SourceForge.net
noreply at sourceforge.net
Sun Nov 12 23:00:53 CET 2006
Bugs item #1595045, was opened at 2006-11-12 15:14
Message generated for change (Comment added) made by avik
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Avi Kivity (avik)
Assigned to: Nobody/Anonymous (nobody)
Summary: smtplib.SMTP.sendmail() does not provide transparency
Initial Comment:
If the msg parameter to smtplib.SMTP.sendmail()
contains a '\r\n.\r\n', the message will be
terminated. This will surprise most users, as
smtplib should encapsulate the various protocol
details rather than expose them.
It's also a potential security hole. If
user-supplied data is passed as msg, then the user
may be able to inject SMTP commands by placing them
after a '\r\n.\r\n'.
A workaround is to mutilate msg before passing it to
smtplib.
----------------------------------------------------------------------
>Comment By: Avi Kivity (avik)
Date: 2006-11-13 00:00
Message:
Logged In: YES
user_id=539971
Yes. Do I need to submit it against 2.4 or 2.5, or both?
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2006-11-12 23:56
Message:
Logged In: YES
user_id=21627
Would you like to contribute a patch to fix this problem?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1595045&group_id=5470
More information about the Python-bugs-list
mailing list