Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 7591d9455eb37525c832da3d65e1a7b3e6dbf613^! / . / Lib / smtplib.py
commit7591d9455eb37525c832da3d65e1a7b3e6dbf613[log] [tgz]
authorPandu E POLUAN <pepoluan@gmail.com>Sat Mar 13 06:25:49 2021 +0700
committerGitHub <noreply@github.com>Fri Mar 12 15:25:49 2021 -0800
tree443271a487226a130c8851ce2578f4717285bf0a
parentba251c2ae6654bfc8abd9d886b219698ad34ac3c [diff] [blame]
bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118)

* Fix auth_login logic (bpo-27820)

* Also fix a longstanding bug in the SimSMTPChannel.found_terminator() method that causes inability to test
SMTP AUTH with initial_response_ok=False.
diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index e81a9f0..0317248 100755
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py

@@ -64,6 +64,7 @@
 CRLF = "\r\n"
 bCRLF = b"\r\n"
 _MAXLINE = 8192 # more than 8 times larger than RFC 821, 4.5.3
+_MAXCHALLENGE = 5  # Maximum number of AUTH challenges sent
 
 OLDSTYLE_AUTH = re.compile(r"auth=(.*)", re.I)
 
@@ -248,6 +249,7 @@ def __init__(self, host='', port=0, local_hostname=None,
         self.esmtp_features = {}
         self.command_encoding = 'ascii'
         self.source_address = source_address
+        self._auth_challenge_count = 0
 
         if host:
             (code, msg) = self.connect(host, port)
@@ -633,14 +635,23 @@ def auth(self, mechanism, authobject, *, initial_response_ok=True):
         if initial_response is not None:
             response = encode_base64(initial_response.encode('ascii'), eol='')
             (code, resp) = self.docmd("AUTH", mechanism + " " + response)
+            self._auth_challenge_count = 1
         else:
             (code, resp) = self.docmd("AUTH", mechanism)
+            self._auth_challenge_count = 0
         # If server responds with a challenge, send the response.
-        if code == 334:
+        while code == 334:
+            self._auth_challenge_count += 1
             challenge = base64.decodebytes(resp)
             response = encode_base64(
                 authobject(challenge).encode('ascii'), eol='')
             (code, resp) = self.docmd(response)
+            # If server keeps sending challenges, something is wrong.
+            if self._auth_challenge_count > _MAXCHALLENGE:
+                raise SMTPException(
+                    "Server AUTH mechanism infinite loop. Last response: "
+                    + repr((code, resp))
+                )
         if code in (235, 503):
             return (code, resp)
         raise SMTPAuthenticationError(code, resp)
@@ -662,7 +673,7 @@ def auth_plain(self, challenge=None):
     def auth_login(self, challenge=None):
         """ Authobject to use with LOGIN authentication. Requires self.user and
         self.password to be set."""
-        if challenge is None:
+        if challenge is None or self._auth_challenge_count < 2:
             return self.user
         else:
             return self.password