raise an error when STARTTLS fails

author: Benjamin Peterson <benjamin@python.org> 2016-06-11 13:16:42 -0700
committer: Benjamin Peterson <benjamin@python.org> 2016-06-11 13:16:42 -0700
commit: 9997d0207649b71b5862d3c036c1f7dcacf4f7b1 (patch)
tree: d2ced46ddbc5116b1afcd7aa6ae24c13ff045c90
parent: 46562d808e8a19fcc789a3caab638b98a96b00b4 (diff)
download: cpython-9997d0207649b71b5862d3c036c1f7dcacf4f7b1.tar.gz
2 files changed, 8 insertions, 0 deletions
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index db23ff0d20..ac1f593789 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -695,6 +695,11 @@ class SMTP:
             self.ehlo_resp = None
             self.esmtp_features = {}
             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
diff --git a/Misc/NEWS b/Misc/NEWS
index 86ef3d762f..92e1a809fe 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,9 @@ Core and Builtins
 Library
 -------
 
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
 - Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
 
 - Issue #26012: Don't traverse into symlinks for ** pattern in
author	Benjamin Peterson <benjamin@python.org>	2016-06-11 13:16:42 -0700
committer	Benjamin Peterson <benjamin@python.org>	2016-06-11 13:16:42 -0700
commit	9997d0207649b71b5862d3c036c1f7dcacf4f7b1 (patch)
tree	d2ced46ddbc5116b1afcd7aa6ae24c13ff045c90
parent	46562d808e8a19fcc789a3caab638b98a96b00b4 (diff)
download	cpython-9997d0207649b71b5862d3c036c1f7dcacf4f7b1.tar.gz