🍒 pick 62eea6f: 🔒🥅 Ensure STARTTLS tagged response was handled [backport #664]

Taking a "belt-and-suspenders" approach to a STARTTLS stripping attack:

This handles `STARTTLS` as a special-case: if the `STARTTLS` handler
did not run, for _whatever_ reason, an exception _must_ be raised and
the connection dropped.

_No_ command should ever receive a tagged `OK` prior to completely
sending the command.  But `STARTTLS` is security-sensitive enough to
warrant this special-case handler.

Author: nevans

lib/net/imap.rb

@@ -1412,9 +1412,11 @@ def logout!
     #
     def starttls(**options)
       @ssl_ctx_params, @ssl_ctx = build_ssl_ctx(options)
+      handled = false
       error = nil
       ok = send_command("STARTTLS") do |resp|
         if resp.kind_of?(TaggedResponse) && resp.name == "OK"
+          handled = true
           clear_cached_capabilities
           clear_responses
           start_tls_session
@@ -1426,6 +1428,13 @@ def starttls(**options)
         disconnect
         raise error
       end
+      unless handled
+        disconnect
+        raise InvalidResponseError,
+              "STARTTLS handler was bypassed, although server responded %p" % [
+                ok.raw_data.chomp
+              ]
+      end
       ok
     end