From 4c0f6a6fe6c71009ab4a6b3716e70af021e04904 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Sat, 2 Jul 2016 20:18:12 +0200 Subject: [PATCH] Raise an error when STARTTLS fails CVE-2016-0772 python: smtplib StartTLS stripping attack rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647 rhbz#1351680: https://bugzilla.redhat.com/show_bug.cgi?id=1351680 Based on an upstream change by Benjamin Peterson - in changeset 101887:d590114c2394 3.4 - https://hg.python.org/cpython/rev/d590114c2394 --- lib-python/3/smtplib.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib-python/3/smtplib.py b/lib-python/3/smtplib.py index 57f181b..5656cc6 100755 --- a/lib-python/3/smtplib.py +++ b/lib-python/3/smtplib.py @@ -680,6 +680,11 @@ class SMTP: self.ehlo_resp = None self.esmtp_features = {} self.does_esmtp = 0 + else: + # RFC 3207: + # 501 Syntax error (no parameters allowed) + # 454 TLS not available due to temporary reason + raise SMTPResponseException(resp, reply) return (resp, reply) def sendmail(self, from_addr, to_addrs, msg, mail_options=[], -- 2.9.0