[Django] #36752: SMTP backend crashes on invalid email addresses such as “to@”

[Django]

#36752: SMTP backend crashes on invalid email addresses such as “to@”
-------------------------------------+-------------------------------------
Reporter: quarjo | Type: Bug
Status: new | Component: Core
| (Mail)
Version: dev | Severity: Normal
Keywords: smtp invalid email | Triage Stage:
parser regression | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
While running the Django test suite on the current development version
(6.1.dev), the SMTP backend crashes when preparing invalid email
addresses such as "to@".

This failure is triggered by the test:
tests/mail/tests.py::test_avoids_sending_to_invalid_addresses

Expected behavior:
Invalid email addresses should be rejected early with a ValueError and
must not reach the low-level email header parser used by
AddressHeader.value_parser().

Actual behavior:
The following exception occurs when attempting to parse the invalid
address:

IndexError: string index out of range

Traceback (excerpt):
File django/core/mail/backends/smtp.py, in prep_address
parsed = AddressHeader.value_parser(address)
File .../email/_header_value_parser.py
if value[0] in CFWS_LEADER:
IndexError: string index out of range

This indicates that the backend attempts to parse malformed email
addresses too deeply instead of validating them first.

Environment:
- Django version: 6.1.dev
- Python 3.12
- Command: python tests/runtests.py mail

Steps to reproduce:
1. Clone Django main
2. Install test dependencies
3. Run: python tests/runtests.py mail
4. Observe the failure in test_avoids_sending_to_invalid_addresses

The failure is reproducible and appears to be a regression in the SMTP
backend’s handling of invalid recipient addresses.
--
Ticket URL: <https://code.djangoproject.com/ticket/36752>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#36752: SMTP backend crashes on invalid email addresses such as “to@”
-------------------------------------+-------------------------------------

Reporter: Kwadwo Owusu Ansah | Owner: (none)

Type: Bug | Status: new
Component: Core (Mail) | Version: dev

Severity: Normal | Resolution:

Keywords: smtp invalid email | Triage Stage:
parser regression | Unreviewed

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Kwadwo Owusu Ansah):

* has_patch: 0 => 1

Comment:

Patch submitted in https://github.com/django/django/pull/20301.
--
Ticket URL: <https://code.djangoproject.com/ticket/36752#comment:1>

[Django]

#36752: SMTP backend crashes on invalid email addresses such as “to@”
-------------------------------------+-------------------------------------
Reporter: Kwadwo Owusu Ansah | Owner: (none)
Type: Bug | Status: new
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:
Keywords: smtp invalid email | Triage Stage:
parser regression | Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jake Howard):

Is it definitely not possible for an SMTP server to not require the
hostname part of an address? I guess since Python's `email` library
rejects it we probably don't have a choice.

Regarding the patch, it seems to only change the exception, rather than
notably change behaviour. Perhaps it's better to wrap the
`AddressHeader.value_parser` call in a `try: except:` and raise a slightly
nicer message. I assume hitting a `ValueError` will just raise a different
exception, rather than notably changing the crashing behaviour?
--
Ticket URL: <https://code.djangoproject.com/ticket/36752#comment:2>

[Django]

#36752: SMTP backend crashes on invalid email addresses such as “to@”
-------------------------------------+-------------------------------------
Reporter: Kwadwo Owusu Ansah | Owner: (none)

Type: Bug | Status: closed

Component: Core (Mail) | Version: dev

Severity: Normal | Resolution: duplicate

Keywords: smtp invalid email | Triage Stage:
parser regression | Unreviewed

Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jacob Walls):

* has_patch: 1 => 0
* resolution: => duplicate
* status: new => closed

Comment:

3.12.0 is not supported, please run the latest bugfix release of Python
3.12. Duplicate of #36746.
--
Ticket URL: <https://code.djangoproject.com/ticket/36752#comment:3>

[Django]

#36752: SMTP backend crashes on invalid email addresses such as “to@”
-------------------------------------+-------------------------------------
Reporter: Kwadwo Owusu Ansah | Owner: (none)
Type: Bug | Status: closed
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution: duplicate
Keywords: smtp invalid email | Triage Stage:
parser regression | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Mike Edmunds):

Replying to [comment:2 Jake Howard]:

> Is it definitely not possible for an SMTP server to not require the
hostname part of an address?

Django specifically supports localpart-only addresses like "webmaster"
which are intended to be delivered to a local mailbox. (Despite Python's
email package marking that form as a header defect.)

But Django doesn't allow invalid addresses like "webmaster@" or "to@" as
reported here.
--
Ticket URL: <https://code.djangoproject.com/ticket/36752#comment:4>