raise an error when STARTTLS fails

author Benjamin Peterson <benjamin@python.org>

Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)

committer Benjamin Peterson <benjamin@python.org>

Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)
author Benjamin Peterson <benjamin@python.org>
Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)
committer Benjamin Peterson <benjamin@python.org>
Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)
diff --git a/Lib/smtplib.py b/Lib/smtplib.py

index db23ff0d20d1b42aa7542e89f7ab8d237755ca79..ac1f5937894a30db596d764958ac117740151463 100755 (executable)
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -695,6 +695,11 @@ class SMTP:
              self.ehlo_resp = None
              self.esmtp_features = {}
              self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
          return (resp, reply)
  
      def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
diff --git a/Misc/NEWS b/Misc/NEWS

index 86ef3d762f8d2ea8a672ff50d793d41f8be957aa..92e1a809fe61bd73c97050ed47d5e7aa01859166 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,9 @@ Core and Builtins
  Library
  -------
  
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
  - Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
  
  - Issue #26012: Don't traverse into symlinks for ** pattern in
author	Benjamin Peterson <benjamin@python.org>
	Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)
committer	Benjamin Peterson <benjamin@python.org>
	Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)
Lib/smtplib.py		patch \| blob \| history
Misc/NEWS		patch \| blob \| history