From: Benjamin Peterson <benjamin@python.org>
Date: Sat, 11 Jun 2016 20:16:42 +0000 (-0700)
Subject: raise an error when STARTTLS fails
X-Git-Tag: v2.7.12rc1~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2e1b7fc998e1744eeb3bb31b131eba0145b88a2f;p=python

raise an error when STARTTLS fails
---

diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 8388b984a1..e1651c0a8b 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -656,6 +656,11 @@ class SMTP:
             self.ehlo_resp = None
             self.esmtp_features = {}
             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
diff --git a/Misc/NEWS b/Misc/NEWS
index 4c643efe23..313d913fe8 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -92,6 +92,9 @@ Core and Builtins
 Library
 -------
 
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
 - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
   locale.