From 0f93d3b7b8d5ba6200e1675c4567f7db5e4c8e7e Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Fri, 1 Jul 2016 16:54:18 +0200
Subject: [PATCH] Raise an error when STARTTLS fails
CVE-2016-0772 python: smtplib StartTLS stripping attack
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
- in changeset 101887:d590114c2394 3.4
- https://hg.python.org/cpython/rev/d590114c2394
---
Lib/smtplib.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index f2c8452..0aa54c1 100644
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -676,6 +676,11 @@ class SMTP:
self.ehlo_resp = None
self.esmtp_features = {}
self.does_esmtp = 0
+ else:
+ # RFC 3207:
+ # 501 Syntax error (no parameters allowed)
+ # 454 TLS not available due to temporary reason
+ raise SMTPResponseException(resp, reply)
return (resp, reply)
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
--
2.9.0