summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYusuke Endoh <mame@ruby-lang.org>2021-07-07 12:06:44 +0900
committerNAKAMURA Usaku <usa@ruby-lang.org>2021-07-07 19:48:22 +0900
commita21a3b7d23704a01d34bd79d09dc37897e00922a (patch)
treea1d36058ca888abfa21236478b81de7dc0d387ba
parent3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (diff)
Fix StartTLS stripping vulnerabilityv2_7_4
Reported by Alexandr Savca in https://hackerone.com/reports/1178562 Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
-rw-r--r--lib/net/imap.rb8
-rw-r--r--test/net/imap/test_imap.rb31
-rw-r--r--version.h2
3 files changed, 39 insertions, 2 deletions
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index 720acbc86d..94ef78198f 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -1216,12 +1216,14 @@ module Net
end
resp = @tagged_responses.delete(tag)
case resp.name
+ when /\A(?:OK)\z/ni
+ return resp
when /\A(?:NO)\z/ni
raise NoResponseError, resp
when /\A(?:BAD)\z/ni
raise BadResponseError, resp
else
- return resp
+ raise UnknownResponseError, resp
end
end
@@ -3717,6 +3719,10 @@ module Net
class ByeResponseError < ResponseError
end
+ # Error raised upon an unknown response from the server.
+ class UnknownResponseError < ResponseError
+ end
+
RESPONSE_ERRORS = Hash.new(ResponseError)
RESPONSE_ERRORS["NO"] = NoResponseError
RESPONSE_ERRORS["BAD"] = BadResponseError
diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
index 33b305e116..0ce0eb67ba 100644
--- a/test/net/imap/test_imap.rb
+++ b/test/net/imap/test_imap.rb
@@ -127,6 +127,16 @@ class IMAPTest < Test::Unit::TestCase
imap.disconnect
end
end
+
+ def test_starttls_stripping
+ starttls_stripping_test do |port|
+ imap = Net::IMAP.new("localhost", :port => port)
+ assert_raise(Net::IMAP::UnknownResponseError) do
+ imap.starttls(:ca_file => CA_FILE)
+ end
+ imap
+ end
+ end
end
def start_server
@@ -784,6 +794,27 @@ EOF
end
end
+ def starttls_stripping_test
+ server = create_tcp_server
+ port = server.addr[1]
+ start_server do
+ sock = server.accept
+ begin
+ sock.print("* OK test server\r\n")
+ sock.gets
+ sock.print("RUBY0001 BUG unhandled command\r\n")
+ ensure
+ sock.close
+ server.close
+ end
+ end
+ begin
+ imap = yield(port)
+ ensure
+ imap.disconnect if imap && !imap.disconnected?
+ end
+ end
+
def create_tcp_server
return TCPServer.new(server_addr, 0)
end
diff --git a/version.h b/version.h
index f41251e06e..959011c7ac 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
# define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
#define RUBY_VERSION_TEENY 4
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 190
+#define RUBY_PATCHLEVEL 191
#define RUBY_RELEASE_YEAR 2021
#define RUBY_RELEASE_MONTH 7