From a21a3b7d23704a01d34bd79d09dc37897e00922a Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Wed, 7 Jul 2021 12:06:44 +0900
Subject: Fix StartTLS stripping vulnerability

Reported by Alexandr Savca in https://hackerone.com/reports/1178562

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
---
 test/net/imap/test_imap.rb | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'test/net')

diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
index 33b305e116..0ce0eb67ba 100644
--- a/test/net/imap/test_imap.rb
+++ b/test/net/imap/test_imap.rb
@@ -127,6 +127,16 @@ class IMAPTest < Test::Unit::TestCase
         imap.disconnect
       end
     end
+
+    def test_starttls_stripping
+      starttls_stripping_test do |port|
+        imap = Net::IMAP.new("localhost", :port => port)
+        assert_raise(Net::IMAP::UnknownResponseError) do
+          imap.starttls(:ca_file => CA_FILE)
+        end
+        imap
+      end
+    end
   end
 
   def start_server
@@ -784,6 +794,27 @@ EOF
     end
   end
 
+  def starttls_stripping_test
+    server = create_tcp_server
+    port = server.addr[1]
+    start_server do
+      sock = server.accept
+      begin
+        sock.print("* OK test server\r\n")
+        sock.gets
+        sock.print("RUBY0001 BUG unhandled command\r\n")
+      ensure
+        sock.close
+        server.close
+      end
+    end
+    begin
+      imap = yield(port)
+    ensure
+      imap.disconnect if imap && !imap.disconnected?
+    end
+  end
+
   def create_tcp_server
     return TCPServer.new(server_addr, 0)
   end
-- 
cgit v1.2.3