Fix StartTLS stripping vulnerability

This fixes CVE-2021-32066. Reported by Alexandr Savca in <https://hackerone.com/reports/1178562>.
author: Shugo Maeda <shugo@ruby-lang.org> 2021-05-11 10:31:27 +0900
committer: nagachika <nagachika@ruby-lang.org> 2021-07-07 19:08:18 +0900
commit: e2ac25d0eb66de99f098d6669cf4f06796aa6256 (patch)
tree: f302700f02791d309bbbf695573e6b0705ceb91c /test/net/imap/test_imap.rb
parent: fc71da2673b4cef08749a6756c3fe2ca214820b7 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
index 8b924b524e..85fb71d440 100644
--- a/test/net/imap/test_imap.rb
+++ b/test/net/imap/test_imap.rb
@@ -127,6 +127,16 @@ class IMAPTest < Test::Unit::TestCase
         imap.disconnect
       end
     end
+
+    def test_starttls_stripping
+      starttls_stripping_test do |port|
+        imap = Net::IMAP.new("localhost", :port => port)
+        assert_raise(Net::IMAP::UnknownResponseError) do
+          imap.starttls(:ca_file => CA_FILE)
+        end
+        imap
+      end
+    end
   end
 
   def start_server
@@ -834,6 +844,27 @@ EOF
     end
   end
 
+  def starttls_stripping_test
+    server = create_tcp_server
+    port = server.addr[1]
+    start_server do
+      sock = server.accept
+      begin
+        sock.print("* OK test server\r\n")
+        sock.gets
+        sock.print("RUBY0001 BUG unhandled command\r\n")
+      ensure
+        sock.close
+        server.close
+      end
+    end
+    begin
+      imap = yield(port)
+    ensure
+      imap.disconnect if imap && !imap.disconnected?
+    end
+  end
+
   def create_tcp_server
     return TCPServer.new(server_addr, 0)
   end
author	Shugo Maeda <shugo@ruby-lang.org>	2021-05-11 10:31:27 +0900
committer	nagachika <nagachika@ruby-lang.org>	2021-07-07 19:08:18 +0900
commit	e2ac25d0eb66de99f098d6669cf4f06796aa6256 (patch)
tree	f302700f02791d309bbbf695573e6b0705ceb91c /test/net/imap/test_imap.rb
parent	fc71da2673b4cef08749a6756c3fe2ca214820b7 (diff)