diff --git a/Lib/email/utils.py b/Lib/email/utils.py
index f276303197396b..f2c28bf7f81af6 100644
--- a/Lib/email/utils.py
+++ b/Lib/email/utils.py
@@ -417,6 +417,9 @@ def decode_params(params):
 for name, continuations in rfc2231_params.items():
 value = []
 extended = False
+ if len(continuations) > 1 and any(num is None for num, *_ in continuations):
+ msg = f"Invalid RFC 2231 parameter continuation for '{name}'"
+ raise ValueError(msg)
 # Sort by number
 continuations.sort()
 # And now append all values in numerical order, converting
diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
index 65ddbabcaa1997..ac9e424fb5d494 100644
--- a/Lib/test/test_email/test_email.py
+++ b/Lib/test/test_email/test_email.py
@@ -5757,6 +5757,16 @@ def test_should_not_hang_on_invalid_ew_messages(self):
 with self.subTest(m=m):
 msg = email.message_from_string(m)
+ def test_rfc2231_invalid_parameter_continuation(self):
+ # gh-125648: should raise a ValueError for invalid parameter continuation
+ m = """\
+Content-Type: application/x-foo;
+\tname*0="foo";
+\tname*="bar"
+"""
+ msg = email.message_from_string(m)
+ with self.assertRaisesRegex(ValueError, "Invalid RFC 2231 parameter continuation for 'name'"):
+ msg.get_params()
 # Tests to ensure that signed parts of an email are completely preserved, as
 # required by RFC1847 section 2.1. Note that these are incomplete, because the
diff --git a/Misc/NEWS.d/next/Library/2024-10-20-21-02-53.gh-issue-125648.HnDHxg.rst b/Misc/NEWS.d/next/Library/2024-10-20-21-02-53.gh-issue-125648.HnDHxg.rst
new file mode 100644
index 00000000000000..b0fe678c717a6b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-10-20-21-02-53.gh-issue-125648.HnDHxg.rst
@@ -0,0 +1,2 @@
+Use a more descriptive error message when encountering invalid parameter
+continuations in :meth:`email.message.Message.get_params`.
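Review bot: The new guard in `decode_params` still turns malformed, sender-controlled header data into an exception, and nothing in the hunk documents that for callers. As the accompanying test shows, `Message.get_params()` on an already-parsed message raises `ValueError` when one parameter mixes an unnumbered section (`name*=`) with a numbered one (`name*0=`), so code that handles untrusted mail has to catch it. I would state the `ValueError` in the `decode_params` docstring (the function header is outside this hunk) and add a comment above the check such as `# An unnumbered section cannot be ordered against numbered ones; reject it before continuations.sort().` The condition also rejects two or more unnumbered sections for the same name, which may be intended but is covered by neither the message nor the test.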
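Review bot: `test_rfc2231_invalid_parameter_continuation` pins a single input shape, `name*0` followed by `name*`, so the `any(num is None ...)` condition is exercised for one ordering only. I would run the same assertion under `self.subTest` for the reversed order, and add a well-formed `name*0`/`name*1` pair that must still decode, so a later change to the guard cannot silently start rejecting valid continuations. A short comment would also make the contract explicit: `# Parsing must not raise; the error surfaces only when the parameters are decoded.`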