[issue42909] Email header with ; ; ; ; stuffing takes very long to parse
Andrei Kulakov
report at bugs.python.org
Fri Jul 9 18:18:24 EDT 2021
Andrei Kulakov <andrei.avk at gmail.com> added the comment:
According to this: https://stackoverflow.com/questions/19852/maximum-length-of-a-mime-content-type-header-field
(with links to RFCs 4288 and 6838), this header should not be longer than 255 chars.
To fix this issue while maximizing backwards compatibility, I propose to do:
- if content-type > 255 AND count of ';' is > 127 => raise HeaderParseError('Appears to be a spam header: length > 255 and large number of `;`'
Choosing 127 to be conservatively high, can be adjusted to 20-30 to make processing even faster.
----------
nosy: +andrei.avk
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42909>
_______________________________________
More information about the Python-bugs-list
mailing list