From a21a3b7d23704a01d34bd79d09dc37897e00922a Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Wed, 7 Jul 2021 12:06:44 +0900
Subject: Fix StartTLS stripping vulnerability

Reported by Alexandr Savca in https://hackerone.com/reports/1178562

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
---
 lib/net/imap.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index 720acbc86d..94ef78198f 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -1216,12 +1216,14 @@ module Net
       end
       resp = @tagged_responses.delete(tag)
       case resp.name
+      when /\A(?:OK)\z/ni
+        return resp
       when /\A(?:NO)\z/ni
         raise NoResponseError, resp
       when /\A(?:BAD)\z/ni
         raise BadResponseError, resp
       else
-        return resp
+        raise UnknownResponseError, resp
       end
     end
 
@@ -3717,6 +3719,10 @@ module Net
     class ByeResponseError < ResponseError
     end
 
+    # Error raised upon an unknown response from the server.
+    class UnknownResponseError < ResponseError
+    end
+
     RESPONSE_ERRORS = Hash.new(ResponseError)
     RESPONSE_ERRORS["NO"] = NoResponseError
     RESPONSE_ERRORS["BAD"] = BadResponseError
-- 
cgit v1.2.3