Opened 80 minutes ago
Last modified 32 seconds ago
#36752 new Bug
SMTP backend crashes on invalid email addresses such as “to@”
| Reported by: | Kwadwo Owusu Ansah | Owned by: | |
|---|---|---|---|
| Component: | Core (Mail) | Version: | dev |
| Severity: | Normal | Keywords: | smtp invalid email parser regression |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
While running the Django test suite on the current development version
(6.1.dev), the SMTP backend crashes when preparing invalid email
addresses such as "to@".
This failure is triggered by the test:
tests/mail/tests.py::test_avoids_sending_to_invalid_addresses
Expected behavior:
Invalid email addresses should be rejected early with a ValueError and
must not reach the low-level email header parser used by
AddressHeader.value_parser().
Actual behavior:
The following exception occurs when attempting to parse the invalid
address:
IndexError: string index out of range
Traceback (excerpt):
File django/core/mail/backends/smtp.py, in prep_address
parsed = AddressHeader.value_parser(address)
File .../email/_header_value_parser.py
if value[0] in CFWS_LEADER:
IndexError: string index out of range
This indicates that the backend attempts to parse malformed email
addresses too deeply instead of validating them first.
Environment:
- Django version: 6.1.dev
- Python 3.12
- Command: python tests/runtests.py mail
Steps to reproduce:
- Clone Django main
- Install test dependencies
- Run: python tests/runtests.py mail
- Observe the failure in test_avoids_sending_to_invalid_addresses
The failure is reproducible and appears to be a regression in the SMTP
backend’s handling of invalid recipient addresses.
Patch submitted in https://github.com/django/django/pull/20301.