starttls: Clear unencrypted commands from buffer (#380)

aio-libs · May 18, 2024 · b3a4a2c · b3a4a2c
1 parent 6e148d7
commit b3a4a2c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/aiosmtpd/docs/NEWS.rst b/aiosmtpd/docs/NEWS.rst
@@ -4,6 +4,10 @@
 
 .. towncrier release notes start
 
+1.4.6 (2024-05-06)
+==================
+
+* STARTTLS is now fully enforced if used.
 
 1.4.5 (2024-03-02)
 ==================

diff --git a/aiosmtpd/smtp.py b/aiosmtpd/smtp.py
@@ -504,6 +504,9 @@ def connection_made(self, transport: asyncio.BaseTransport) -> None:
             self._reader._transport = transport  # type: ignore[attr-defined]
             self._writer._transport = transport  # type: ignore[attr-defined]
             self.transport = transport
+            # Discard any leftover unencrypted data
+            # See https://tools.ietf.org/html/rfc3207#page-7
+            self._reader._buffer.clear()  # type: ignore[attr-defined]
             # Do SSL certificate checking as rfc3207 part 4.1 says.  Why is
             # _extra a protected attribute?
             assert self._tls_protocol is not None