Infinite loop in `email._header_value_parser._fold_mime_parameters` when parameter names are too long

[TauPan]

Bug report

Bug description:

Tested with 3.6 and 3.13.1

>>> import email.message
>>> message = email.message.EmailMessage()
...
>>> message.add_attachment('Hello World!', filename='hello.txt', params={130 * 'A': 'too long parameter name'})
None
>>> message.defects
[]
>>> message
<email.message.EmailMessage object at 0x7fe78ec74ec0>
>>> message.as_string()

130 characters for a media type parameter name is (a bit) more than https://datatracker.ietf.org/doc/html/rfc6838#section-4.3 allows but I didn't expect it to lead into an infinite loop. I wanted to check if the email module would catch that defect, which apparently it doesn't.

Distribution is openSUSE Leap 15.6, python 3.13.1 was installed from pyenv, 3.6 is from the distribution. The python3.11 binary from the distribution exhibits the same behaviour.

CPython versions tested on:

3.13

Operating systems tested on:

Linux

Linked PRs

• [3.13] gh-138223: Fix Infinite loop in email._header_value_parser._fold_mime_parameters when parameter names are too long #138226
• [3.13] gh-138223: Fix Infinite loop in email._header_value_parser._fold_mime_parameters when parameter names are too long (GH-138223) #138227
• gh-138223: Fix Infinite loop in email._header_value_parser._fold_mime_parameters when parameter names are too long #138231

[StanFromIreland]

I cannot reproduce with any version (3.12, 3.13, 3.14, 3.15) on Linux (Fedora), I get <bound method MIMEPart.as_string of <email.message.EmailMessage object at 0xXXXXXXXX>> instantly. Can reproduce with the str of MIMEPart.as_string.

[StanFromIreland]

Potentially a duplicate of #136063

[StanFromIreland]

I can reproduce for length $\ge 62$

[picnixz]

Is it an infinite loop or a very long loop? (if it's a very long loop, then my PR for 136063 could solve this; if it's an infinite loop, that's something else. In both cases, the entire parser still needs to be rewritten).

I am actually be surprised that we're already hitting the limit at $62$ characters though but something else may be happening as well.

[picnixz]

Ok, I understand what happens. The issue is with folding. For instance:

m = email.message.EmailMessage()
m.add_attachment('Hello World!', filename='hello.txt', params={'a' * 64: 'abc'})
m.as_string()

works perfectly. But changing 'abc' into something else (maybe longer) looks to make it an infinite loop. And I think it's a true infinite loop here. For instance, using abc def 123 instead makes it an infinite loop.

[picnixz]

The fix is in _fold_mime_parameters where while True should be replaced by while splitpoint >= 1 and we should forcibly write the line even if we cannot do it in this case (or do whatever the RFC tells us to do)

[bedevere-app]

GH-138227 is a backport of this pull request to the 3.13 branch.