Only allow 0-9 digits in MIME parameter section numbers

Author: matthieucan

Lib/email/_header_value_parser.py

@@ -2398,17 +2398,22 @@ def get_section(value):
     The caller should already have dealt with leading CFWS.
 
     """
+    def is_allowed_digit(c):
+        # We don't use str.isdigit because only 0-9 are accepted, not
+        # super-script and other types of digits.
+        return c in {'0','1','2','3','4','5','6','7','8','9'}
+
     section = Section()
     if not value or value[0] != '*':
         raise errors.HeaderParseError("Expected section but found {}".format(
                                         value))
     section.append(ValueTerminal('*', 'section-marker'))
     value = value[1:]
-    if not value or not value[0].isdigit():
+    if not value or not is_allowed_digit(value[0]):
         raise errors.HeaderParseError("Expected section number but "
                                       "found {}".format(value))
     digits = ''
-    while value and value[0].isdigit():
+    while value and is_allowed_digit(value[0]):
         digits += value[0]
         value = value[1:]
     if digits[0] == '0' and digits != '0':

Lib/test/test_email/test__header_value_parser.py

@@ -2982,6 +2982,16 @@ def mime_parameters_as_value(self,
             'r*=\'a\'"',
             [('r', '"')],
             [errors.InvalidHeaderDefect]*2),
+
+        # bpo-42946: Unicode super-script digits (and others) are not allowed
+        # as section numbers.
+        'non_allowed_digits': (
+            'foo*0=bar; foo*²=baz',
+            ' foo="bar"',
+            'foo*0=bar; foo*²=baz',
+            [('foo', 'bar')],
+            [errors.InvalidHeaderDefect]),
+
     }
 
 @parameterize