diff options
| author | CyberLeo <cyberleo@cyberleo.net> | 2021-07-22 21:02:46 -0500 |
|---|---|---|
| committer | CyberLeo <cyberleo@cyberleo.net> | 2021-07-22 21:02:46 -0500 |
| commit | 59068642667b2748b2f24d18c58b1d2fdfed7619 (patch) | |
| tree | deca4d721637676253ed1270f252f8d389286151 /user/libetpan/CVE-2020-15953-b.patch | |
| parent | 4a177049e3d486da3f54d346d63ea80699c08b5b (diff) | |
| parent | 50e523c03bbcb6be1298e3dedb0441b7e47ab2eb (diff) | |
| download | packages-59068642667b2748b2f24d18c58b1d2fdfed7619.tar.gz packages-59068642667b2748b2f24d18c58b1d2fdfed7619.tar.bz2 packages-59068642667b2748b2f24d18c58b1d2fdfed7619.tar.xz packages-59068642667b2748b2f24d18c58b1d2fdfed7619.zip | |
Merge branch 'master' into kpartx
Diffstat (limited to 'user/libetpan/CVE-2020-15953-b.patch')
| -rw-r--r-- | user/libetpan/CVE-2020-15953-b.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/user/libetpan/CVE-2020-15953-b.patch b/user/libetpan/CVE-2020-15953-b.patch new file mode 100644 index 000000000..95e0385bb --- /dev/null +++ b/user/libetpan/CVE-2020-15953-b.patch @@ -0,0 +1,58 @@ +From 6068b0fa8310bced874b322b20ac470472c64784 Mon Sep 17 00:00:00 2001 +From: Fabian Ising <f.ising@fh-muenster.de> +Date: Fri, 24 Jul 2020 08:56:05 +0200 +Subject: [PATCH 1/2] Detect extra data after STLS response and return error + +--- + src/low-level/pop3/mailpop3.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c +index ab9535be..e2124bf8 100644 +--- a/src/low-level/pop3/mailpop3.c ++++ b/src/low-level/pop3/mailpop3.c +@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) + + if (r != RESPONSE_OK) + return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; ++ ++ // Detect if the server send extra data after the STLS response. ++ // This *may* be a "response injection attack". ++ if (f->pop3_stream->read_buffer_len != 0) { ++ // Since it is also protocol violation, exit. ++ // There is no error type for STARTTLS errors in POP3 ++ return MAILPOP3_ERROR_SSL; ++ } + + return MAILPOP3_NO_ERROR; + } + +From 874ebf7ce9d108c6c1def733f90d156b44fb6ef7 Mon Sep 17 00:00:00 2001 +From: Fabian Ising <f.ising@fh-muenster.de> +Date: Fri, 24 Jul 2020 08:56:31 +0200 +Subject: [PATCH 2/2] Detect extra data after SMTP STARTTLS response and return + error + +--- + src/low-level/smtp/mailsmtp.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c +index b7fc459e..3145cadf 100644 +--- a/src/low-level/smtp/mailsmtp.c ++++ b/src/low-level/smtp/mailsmtp.c +@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session) + return MAILSMTP_ERROR_STREAM; + r = read_response(session); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->stream->read_buffer_len != 0) { ++ // Since it is also protocol violation, exit. ++ // There is no general error type for STARTTLS errors in SMTP ++ return MAILSMTP_ERROR_SSL; ++ } ++ + switch (r) { + case 220: + return MAILSMTP_NO_ERROR; |