| commit | author | age | ||
| 854cc6 | 1 | From 5b67aca6fb4246e84981d6361ba218bd52e73ac2 Mon Sep 17 00:00:00 2001 |
| CS | 2 | From: Tomas Orsava <torsava@redhat.com> |
| 3 | Date: Tue, 21 Jun 2016 15:52:03 +0200 | |
| 4 | Subject: [PATCH] Raise an error when STARTTLS fails | |
| 5 | ||
| 6 | CVE-2016-0772 python: smtplib StartTLS stripping attack | |
| 7 | rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647 | |
| 8 | ||
| 9 | Based on an upstream change by Benjamin Peterson <benjamin@python.org> | |
| 10 | - in changeset 101886:b3ce713fb9be 2.7 | |
| 11 | - https://hg.python.org/cpython/rev/b3ce713fb9be | |
| 12 | --- | |
| 13 | Lib/smtplib.py | 5 +++++ | |
| 14 | 1 file changed, 5 insertions(+) | |
| 15 | ||
| 16 | diff --git a/Lib/smtplib.py b/Lib/smtplib.py | |
| 17 | index dc16ef6..8bc806b 100755 | |
| 18 | --- a/Lib/smtplib.py | |
| 19 | +++ b/Lib/smtplib.py | |
| 20 | @@ -655,6 +655,11 @@ class SMTP: | |
| 21 | self.ehlo_resp = None | |
| 22 | self.esmtp_features = {} | |
| 23 | self.does_esmtp = 0 | |
| 24 | + else: | |
| 25 | + # RFC 3207: | |
| 26 | + # 501 Syntax error (no parameters allowed) | |
| 27 | + # 454 TLS not available due to temporary reason | |
| 28 | + raise SMTPResponseException(resp, reply) | |
| 29 | return (resp, reply) | |
| 30 | ||
| 31 | def sendmail(self, from_addr, to_addrs, msg, mail_options=[], | |
| 32 | -- | |
| 33 | 2.5.5 | |
| 34 | ||
