calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '31951f2b62'
${ noResults }
gentoo-overlay/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-159...

87 lines
2.8 KiB
Raw Blame History

From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001
From: Damian Poddebniak <duesee@users.noreply.github.com>
Date: Fri, 24 Jul 2020 19:39:53 +0200
Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387)
---
src/low-level/imap/mailimap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
index bb17119..4ffcf55 100644
--- a/src/low-level/imap/mailimap.c
+++ b/src/low-level/imap/mailimap.c
@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
mailimap_response_free(response);
+ // Detect if the server send extra data after the STARTTLS response.
+ // This *may* be a "response injection attack".
+ if (session->imap_stream->read_buffer_len != 0) {
+ // Since it is also an IMAP protocol violation, exit.
+ return MAILIMAP_ERROR_STARTTLS;
+ }
+
switch (error_code) {
case MAILIMAP_RESP_COND_STATE_OK:
return MAILIMAP_NO_ERROR;
--
2.28.0
From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001
From: Fabian Ising <Murgeye@users.noreply.github.com>
Date: Fri, 24 Jul 2020 19:40:48 +0200
Subject: [PATCH 2/2] Detect extra data after STARTTLS responses in SMTP and
POP3 and exit (#388)
* Detect extra data after STLS response and return error
* Detect extra data after SMTP STARTTLS response and return error
---
src/low-level/pop3/mailpop3.c | 8 ++++++++
src/low-level/smtp/mailsmtp.c | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
index ab9535b..e2124bf 100644
--- a/src/low-level/pop3/mailpop3.c
+++ b/src/low-level/pop3/mailpop3.c
@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f)
if (r != RESPONSE_OK)
return MAILPOP3_ERROR_STLS_NOT_SUPPORTED;
+
+ // Detect if the server send extra data after the STLS response.
+ // This *may* be a "response injection attack".
+ if (f->pop3_stream->read_buffer_len != 0) {
+ // Since it is also protocol violation, exit.
+ // There is no error type for STARTTLS errors in POP3
+ return MAILPOP3_ERROR_SSL;
+ }
return MAILPOP3_NO_ERROR;
}
diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
index b7fc459..3145cad 100644
--- a/src/low-level/smtp/mailsmtp.c
+++ b/src/low-level/smtp/mailsmtp.c
@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
return MAILSMTP_ERROR_STREAM;
r = read_response(session);
+ // Detect if the server send extra data after the STARTTLS response.
+ // This *may* be a "response injection attack".
+ if (session->stream->read_buffer_len != 0) {
+ // Since it is also protocol violation, exit.
+ // There is no general error type for STARTTLS errors in SMTP
+ return MAILSMTP_ERROR_SSL;
+ }
+
switch (r) {
case 220:
return MAILSMTP_NO_ERROR;
--
2.28.0
Reference in new issue View Git Blame Copy Permalink