From c2c98ddde2665d12e34f17c4eac90832df720114 Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Thu, 16 Jun 2016 18:56:18 +0200
Subject: [PATCH] Raise an error when STARTTLS fails
CVE-2016-0772 python: smtplib StartTLS stripping attack
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
rhbz#1346344: https://bugzilla.redhat.com/show_bug.cgi?id=1346344
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
- in changeset 101886:b3ce713fb9be 2.7
- https://hg.python.org/cpython/rev/b3ce713fb9be
---
 Lib/smtplib.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 8388b98..e1651c0 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -656,6 +656,11 @@ class SMTP:
             self.ehlo_resp = None
             self.esmtp_features = {}
             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
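Review bot: The comment in the new `else:` branch lists only 501 and 454, yet the branch raises for every reply other than 220, and it never states the reason: a non-220 reply means the session is still plaintext, and returning normally let a caller carry on and authenticate or send mail unencrypted (the STARTTLS stripping case named in the commit message). I would lead with the intent, e.g. `# Any reply other than 220 means TLS was not negotiated; fail closed.`, and keep the two RFC 3207 codes as examples beneath it. The enclosing method (presumably `starttls`) begins outside the hunk, so its docstring is not visible here; if it does not already say so, it should note that `SMTPResponseException` is now raised on a failed STARTTLS, because callers that inspected the returned `(resp, reply)` tuple see a behaviour change. The diffstat shows only `Lib/smtplib.py`, so a regression test against a stub server that answers STARTTLS with 454 would be worth adding with this patch.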
-- 
2.5.5