Tree - rpms/libetpan - src.fedoraproject.org

rpms / libetpan

Overview Files Commits Branches Forks Releases

Monitoring status:

Bugzilla Assignee:

Fedora:: mtasaka
EPEL:: simo

Files

Blob Blame History Raw

From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001
From: Damian Poddebniak <duesee@users.noreply.github.com>
Date: Fri, 24 Jul 2020 19:39:53 +0200
Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387)

---
 src/low-level/imap/mailimap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
index bb17119..4ffcf55 100644
--- a/src/low-level/imap/mailimap.c
+++ b/src/low-level/imap/mailimap.c
@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
 
   mailimap_response_free(response);
 
+  // Detect if the server send extra data after the STARTTLS response.
+  // This *may* be a "response injection attack".
+  if (session->imap_stream->read_buffer_len != 0) {
+      // Since it is also an IMAP protocol violation, exit.
+      return MAILIMAP_ERROR_STARTTLS;
+  }
+
   switch (error_code) {
   case MAILIMAP_RESP_COND_STATE_OK:
     return MAILIMAP_NO_ERROR;
-- 
2.26.2

rpms / libetpan

Source Code

Files