diff options
Diffstat (limited to 'community/libetpan/CVE-2020-15953.patch')
-rw-r--r-- | community/libetpan/CVE-2020-15953.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/community/libetpan/CVE-2020-15953.patch b/community/libetpan/CVE-2020-15953.patch new file mode 100644 index 0000000000..e02b000aad --- /dev/null +++ b/community/libetpan/CVE-2020-15953.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 | ||
2 | From: Damian Poddebniak <duesee@users.noreply.github.com> | ||
3 | Date: Fri, 24 Jul 2020 19:39:53 +0200 | ||
4 | Subject: [PATCH] Detect extra data after STARTTLS response and exit (#387) | ||
5 | |||
6 | --- | ||
7 | src/low-level/imap/mailimap.c | 7 +++++++ | ||
8 | 1 file changed, 7 insertions(+) | ||
9 | |||
10 | diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c | ||
11 | index bb17119d..4ffcf55d 100644 | ||
12 | --- a/src/low-level/imap/mailimap.c | ||
13 | +++ b/src/low-level/imap/mailimap.c | ||
14 | @@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) | ||
15 | |||
16 | mailimap_response_free(response); | ||
17 | |||
18 | + // Detect if the server send extra data after the STARTTLS response. | ||
19 | + // This *may* be a "response injection attack". | ||
20 | + if (session->imap_stream->read_buffer_len != 0) { | ||
21 | + // Since it is also an IMAP protocol violation, exit. | ||
22 | + return MAILIMAP_ERROR_STARTTLS; | ||
23 | + } | ||
24 | + | ||
25 | switch (error_code) { | ||
26 | case MAILIMAP_RESP_COND_STATE_OK: | ||
27 | return MAILIMAP_NO_ERROR; | ||
28 | From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001 | ||
29 | From: Fabian Ising <Murgeye@users.noreply.github.com> | ||
30 | Date: Fri, 24 Jul 2020 19:40:48 +0200 | ||
31 | Subject: [PATCH] Detect extra data after STARTTLS responses in SMTP and POP3 | ||
32 | and exit (#388) | ||
33 | |||
34 | * Detect extra data after STLS response and return error | ||
35 | |||
36 | * Detect extra data after SMTP STARTTLS response and return error | ||
37 | --- | ||
38 | src/low-level/pop3/mailpop3.c | 8 ++++++++ | ||
39 | src/low-level/smtp/mailsmtp.c | 8 ++++++++ | ||
40 | 2 files changed, 16 insertions(+) | ||
41 | |||
42 | diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c | ||
43 | index ab9535be..e2124bf8 100644 | ||
44 | --- a/src/low-level/pop3/mailpop3.c | ||
45 | +++ b/src/low-level/pop3/mailpop3.c | ||
46 | @@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) | ||
47 | |||
48 | if (r != RESPONSE_OK) | ||
49 | return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; | ||
50 | + | ||
51 | + // Detect if the server send extra data after the STLS response. | ||
52 | + // This *may* be a "response injection attack". | ||
53 | + if (f->pop3_stream->read_buffer_len != 0) { | ||
54 | + // Since it is also protocol violation, exit. | ||
55 | + // There is no error type for STARTTLS errors in POP3 | ||
56 | + return MAILPOP3_ERROR_SSL; | ||
57 | + } | ||
58 | |||
59 | return MAILPOP3_NO_ERROR; | ||
60 | } | ||
61 | diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c | ||
62 | index b7fc459e..3145cadf 100644 | ||
63 | --- a/src/low-level/smtp/mailsmtp.c | ||
64 | +++ b/src/low-level/smtp/mailsmtp.c | ||
65 | @@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session) | ||
66 | return MAILSMTP_ERROR_STREAM; | ||
67 | r = read_response(session); | ||
68 | |||
69 | + // Detect if the server send extra data after the STARTTLS response. | ||
70 | + // This *may* be a "response injection attack". | ||
71 | + if (session->stream->read_buffer_len != 0) { | ||
72 | + // Since it is also protocol violation, exit. | ||
73 | + // There is no general error type for STARTTLS errors in SMTP | ||
74 | + return MAILSMTP_ERROR_SSL; | ||
75 | + } | ||
76 | + | ||
77 | switch (r) { | ||
78 | case 220: | ||
79 | return MAILSMTP_NO_ERROR; | ||