summaryrefslogtreecommitdiff
path: root/user/libetpan/CVE-2020-15953-a.patch
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2020-09-23 04:24:59 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2020-09-23 04:24:59 +0000
commitbe4868783737aeb41ec84bb4d3739e4c8e9534cf (patch)
tree2b932b3726886e1b92ba8689b30788f7c94b6971 /user/libetpan/CVE-2020-15953-a.patch
parent203d76622b113543ee679925cb99d7e3f2ccbe05 (diff)
downloadpackages-be4868783737aeb41ec84bb4d3739e4c8e9534cf.tar.gz
packages-be4868783737aeb41ec84bb4d3739e4c8e9534cf.tar.bz2
packages-be4868783737aeb41ec84bb4d3739e4c8e9534cf.tar.xz
packages-be4868783737aeb41ec84bb4d3739e4c8e9534cf.zip
user/libetpan: Patch CVE-2020-15953
Diffstat (limited to 'user/libetpan/CVE-2020-15953-a.patch')
-rw-r--r--user/libetpan/CVE-2020-15953-a.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/user/libetpan/CVE-2020-15953-a.patch b/user/libetpan/CVE-2020-15953-a.patch
new file mode 100644
index 000000000..1130e3a51
--- /dev/null
+++ b/user/libetpan/CVE-2020-15953-a.patch
@@ -0,0 +1,27 @@
+From 8ceb0cf0191f8b374a7f05974b29c6242ce8f752 Mon Sep 17 00:00:00 2001
+From: Damian Poddebniak <poddebniak@fh-muenster.de>
+Date: Thu, 23 Jul 2020 19:24:45 +0200
+Subject: [PATCH] Detect extra data after STARTTLS response and exit
+
+---
+ src/low-level/imap/mailimap.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
+index bb17119d..4ffcf55d 100644
+--- a/src/low-level/imap/mailimap.c
++++ b/src/low-level/imap/mailimap.c
+@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
+
+ mailimap_response_free(response);
+
++ // Detect if the server send extra data after the STARTTLS response.
++ // This *may* be a "response injection attack".
++ if (session->imap_stream->read_buffer_len != 0) {
++ // Since it is also an IMAP protocol violation, exit.
++ return MAILIMAP_ERROR_STARTTLS;
++ }
++
+ switch (error_code) {
+ case MAILIMAP_RESP_COND_STATE_OK:
+ return MAILIMAP_NO_ERROR;
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-02 04:58:45 +0000