From 05568af92f040bae6ba6e1ff306e8af56636e2c7 Mon Sep 17 00:00:00 2001
From: Arusekk
Date: Sun, 9 Jul 2023 13:28:35 +0200
Subject: [PATCH] starttls: Clear unencrypted commands from buffer
---
 aiosmtpd/docs/NEWS.rst | 1 +
 aiosmtpd/smtp.py | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/aiosmtpd/docs/NEWS.rst b/aiosmtpd/docs/NEWS.rst
index 7cc773c6..6dcecdd1 100644
--- a/aiosmtpd/docs/NEWS.rst
+++ b/aiosmtpd/docs/NEWS.rst
@@ -4,6 +4,7 @@
 .. towncrier release notes start
+* STARTTLS is now fully enforced if used
 1.4.5 (2024-03-02)
 ==================
diff --git a/aiosmtpd/smtp.py b/aiosmtpd/smtp.py
index c6605a56..4b76d956 100644
--- a/aiosmtpd/smtp.py
+++ b/aiosmtpd/smtp.py
@@ -504,6 +504,9 @@ def connection_made(self, transport: asyncio.BaseTransport) -> None:
 self._reader._transport = transport # type: ignore[attr-defined]
 self._writer._transport = transport # type: ignore[attr-defined]
 self.transport = transport
+ # Discard any leftover unencrypted data
+ # See https://tools.ietf.org/html/rfc3207#page-7
+ self._reader._buffer.clear()
 # Do SSL certificate checking as rfc3207 part 4.1 says. Why is
 # _extra a protected attribute?
 assert self._tls_protocol is not None
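Review bot: The added `self._reader._buffer.clear()` in the smtp.py hunk drops pre-handshake bytes silently, so a client that pipelines plaintext behind STARTTLS leaves no trace for operators; testing `if self._reader._buffer:` first and logging at warning level before the clear would make the fix a detection signal as well. The line also depends on the stream reader's private `_buffer` attribute, and unlike the two `_transport` assignments above it carries no `# type: ignore[attr-defined]`, which a strict type check may reject (worth confirming). The diffstat lists only NEWS.rst and smtp.py, so no regression test pins the behaviour; a test asserting that buffered plaintext is not processed after the upgrade would keep it from regressing. connection_made starts and ends outside this hunk, so the branch condition guarding these lines is not visible here.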