gh-138223: Fix Infinite loop in email._header_value_parser._fold_mime_parameters when parameter names are too long

[ChenyangLi4288]

The infinite loop occurred in _fold_mime_parameters() when processing MIME parameters
with very long keys (64 characters) during RFC 2231 encoding.

Changes made:

1. In email._header_value_parser._fold_mime_parameters():

   • Replace infinite 'while True:' loop with 'while splitpoint > 1:'
   • Ensure splitpoint is always at least 1 to prevent getting stuck
   • Add fallback logic to force minimal splits when values cannot fit

2. In email.header._append_chunk():

   • Add comment explaining handling of extremely long strings that can't be split

This fixes GitHub issue #138223 where add_attachment() with long parameter
keys would cause as_string() to hang indefinitely during MIME parameter
folding and header processing.

• Issue: Infinite loop in email._header_value_parser._fold_mime_parameters when parameter names are too long #138223

[picnixz]

What does the RFC say about folding? Please add a regression test as well and move the blurb entry from library to security.

[bedevere-app]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[ChenyangLi4288]

RFC 2231 specifying that:
Parameter values can be encoded and folded when they're too long
The folding must maintain the parameter's integrity while following RFC 5322's folding rules
When parameters are encoded (like with RFC 2231 encoding), they must still follow proper folding boundaries
In the context of this fix for issue #138223, the infinite loop was occurring in the _fold_mime_parameters function when it tried to fold excessively long parameter names. The RFCs don't specify a maximum length for parameter names, but they do require that folding operations complete in finite time and don't get stuck in infinite loops.

[picnixz]

The RFCs don't specify a maximum length for parameter names

They do, it's 126 reserved characters (it's in the EBNF)

they do require that folding operations complete in finite time and don't get stuck in infinite loops.

In this case, I think forcing the writing is fine.

---

OTOH, does the RFC allow splitting the parameter names in a good way? (and how)

[ChenyangLi4288]

1. FC Parameter Name Length Limit
   Thank you for reminding! I checked EBNF and confirmed length of 126.
2. Parameter Name Splitting
   RFC 2231 does NOT allow splitting parameter names. The RFC specifically states that parameter names themselves cannot be split or folded using the continuation mechanism. Only parameter values can be split.
3. The Fix Approach
   Given that:
   1)Parameter names cannot be split (RFC restriction)
   2)Parameter names have a 126-character limit (RFC specification)
   3)Folding must complete in finite time (RFC requirement)
   I think forcing the writing maintains RFC compliance while preventing the infinite loop.

[picnixz]

RFC 2231 does NOT allow splitting parameter names. The RFC specifically states that parameter names themselves cannot be split or folded using the continuation mechanism

Could you pinpoint the location of the RFC where it's stated, so that we also add it at the source code level as a comment? TiA.

[picnixz]

The tests are incomplete and incorrect as the length limit is dynamic and depends on the length of the parameter's values, and please:

• don't create a new file,
• don't catch unexpected exceptions,
• verify that main hangs with the test inputs. The bad values depend on the values.

[picnixz]

I'm converting it into a draft until comments are addressed.

[ChenyangLi4288]

It doesn't EXPLICITLY state that parameter names cannot be split.
What RFC 2231 does specify is:
Purpose and scope (Section 3): "The asterisk character ("*") followed by a decimal count is employed to indicate that multiple parameters are being used to encapsulate a single parameter value" - this describes the mechanism as being for splitting values, not names.

All examples in section 7 show splitting values across multiple complete parameter names, never splitting the parameter name itself. So the prohibition against splitting parameter names is inferred from the RFC's design and purpose rather than explicitly stated.

[picnixz]

It doesn't EXPLICITLY state that parameter names cannot be split.

As there is no mechanism to split them and since the EBNF doesn't allow partial names, I think we should consider this to be the norm. @bitdancer any recommendation here?

[picnixz]

Please, stop merging main into your branch unless there is a conflict to solve. It wastes resources.

[ChenyangLi4288]

Sorry for that, will stop doing that.

[ChenyangLi4288]

any updates on that?

[bedevere-app]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[picnixz]

any updates on that?

Usually, reviews can be requested after a month or so if the reviewers didn't reply since then. We don't always have the necessary bandwidth.