From d4ffdc0b911f024af890233d05dbec0b2ad1d4eb Mon Sep 17 00:00:00 2001 From: Houssam El Mansouri Date: Fri, 18 Jul 2025 17:55:44 +0100 Subject: [PATCH 1/2] InternetAddress validation is not conforming to RFC822 --- .../mail/internet/InternetAddress.java | 2 +- .../mail/internet/InternetAddressTest.java | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/api/src/main/java/jakarta/mail/internet/InternetAddress.java b/api/src/main/java/jakarta/mail/internet/InternetAddress.java index 257ef4c4..04bbdcaa 100644 --- a/api/src/main/java/jakarta/mail/internet/InternetAddress.java +++ b/api/src/main/java/jakarta/mail/internet/InternetAddress.java @@ -1348,7 +1348,7 @@ private static void checkAddress(String addr, "Local address ends with dot", addr); break; // done with local part } - if (c <= 040 || c == 0177) + if (c <= 040 || c >= 0177) throw new AddressException( "Local address contains control or whitespace", addr); if (specialsNoDot.indexOf(c) >= 0) diff --git a/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java b/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java index 069cd363..e6efb965 100644 --- a/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java +++ b/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java @@ -30,6 +30,8 @@ import java.util.Collection; import java.util.List; +import static org.junit.Assert.assertThrows; + /** * Test Internet address parsing. * @@ -379,4 +381,28 @@ private static final void pr(String s) { private static final String n(String s) { return s == null ? "" : s; } + + @Test + public void testNonASCIICharacterValidation() { + // Test cases that should throw AddressException + String[] invalidAddresses = { + "testächar@something.com", // ä = 228 + "tëst@example.com", // ë = 235 + "用户@example.com", // Chinese characters + "test@examplé.com" // é = 233 + }; + + for (String addr : invalidAddresses) { + assertThrows(AddressException.class, () -> { + new InternetAddress(addr, true); + }); + + assertThrows(AddressException.class, () -> { + InternetAddress address = new InternetAddress(addr); + address.validate(); + }); + } + } + + } From 7cd76ac8752569dc0c56d37ddf2172a1911207b7 Mon Sep 17 00:00:00 2001 From: Houssam El Mansouri Date: Sat, 19 Jul 2025 22:37:41 +0100 Subject: [PATCH 2/2] Fix test --- .../test/java/jakarta/mail/internet/InternetAddressTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java b/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java index e6efb965..3e859b3b 100644 --- a/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java +++ b/api/src/test/java/jakarta/mail/internet/InternetAddressTest.java @@ -395,12 +395,12 @@ public void testNonASCIICharacterValidation() { for (String addr : invalidAddresses) { assertThrows(AddressException.class, () -> { new InternetAddress(addr, true); - }); + }, "Expected AddressException for strict constructor with address: " + addr); assertThrows(AddressException.class, () -> { InternetAddress address = new InternetAddress(addr); address.validate(); - }); + }, "Expected AddressException for validate() with address: " + addr); } }