authorYusuke Endoh <mame@ruby-lang.org>2021-07-07 12:06:44 +0900
committerNAKAMURA Usaku <usa@ruby-lang.org>2021-07-07 19:48:22 +0900
commita21a3b7d23704a01d34bd79d09dc37897e00922a (patch)
treea1d36058ca888abfa21236478b81de7dc0d387ba /lib/net
parent3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (diff)
Fix StartTLS stripping vulnerabilityv2_7_4
Reported by Alexandr Savca in https://hackerone.com/reports/1178562 Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
Diffstat (limited to 'lib/net')
-rw-r--r--lib/net/imap.rb8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index 720acbc86d..94ef78198f 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -1216,12 +1216,14 @@ module Net
end
resp = @tagged_responses.delete(tag)
case resp.name
+ when /\A(?:OK)\z/ni
+ return resp
when /\A(?:NO)\z/ni
raise NoResponseError, resp
when /\A(?:BAD)\z/ni
raise BadResponseError, resp
else
- return resp
+ raise UnknownResponseError, resp
end
end
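Review bot: The new `else` branch of `case resp.name` is what makes this path fail closed, but nothing at the site records that intent. A short comment above it, such as `# Fail closed: a tagged result other than OK/NO/BAD is never treated as success`, would keep a later refactor from restoring the permissive default. The enclosing method starts outside the hunk, but this appears to be the shared tagged-response path rather than STARTTLS-specific code, so callers that rescue only `NoResponseError` or `BadResponseError` will now see `UnknownResponseError` propagate. A regression test that answers `starttls` with a tagged result other than OK/NO/BAD and asserts the raise would pin the behaviour. As a style point, the patterns could be written `/\AOK\z/i`, since the `(?:...)` group and the `n` flag add nothing for a single ASCII literal.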
@@ -3717,6 +3719,10 @@ module Net
class ByeResponseError < ResponseError
end
+ # Error raised upon an unknown response from the server.
+ class UnknownResponseError < ResponseError
+ end
+
RESPONSE_ERRORS = Hash.new(ResponseError)
RESPONSE_ERRORS["NO"] = NoResponseError
RESPONSE_ERRORS["BAD"] = BadResponseError
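Review bot: The comment on `UnknownResponseError` does not say what "unknown" means or why the class exists. Something like `# Error raised when a tagged response is none of OK, NO or BAD; the command is treated as failed.` would tell a caller when to expect it. Since the class derives from `ResponseError`, existing `rescue ResponseError` handlers still catch it, and that is worth stating in the same comment. The `RESPONSE_ERRORS` table just below still defaults unrecognised names to plain `ResponseError`; if that table is used to pick an exception elsewhere (not visible here), the two paths may now disagree on which class an unrecognised name produces.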