summaryrefslogtreecommitdiff
path: root/user/libetpan/CVE-2020-15953-a.patch
diff options
context:
space:
mode:
Diffstat (limited to 'user/libetpan/CVE-2020-15953-a.patch')
-rw-r--r--user/libetpan/CVE-2020-15953-a.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/user/libetpan/CVE-2020-15953-a.patch b/user/libetpan/CVE-2020-15953-a.patch
new file mode 100644
index 000000000..1130e3a51
--- /dev/null
+++ b/user/libetpan/CVE-2020-15953-a.patch
@@ -0,0 +1,27 @@
+From 8ceb0cf0191f8b374a7f05974b29c6242ce8f752 Mon Sep 17 00:00:00 2001
+From: Damian Poddebniak <poddebniak@fh-muenster.de>
+Date: Thu, 23 Jul 2020 19:24:45 +0200
+Subject: [PATCH] Detect extra data after STARTTLS response and exit
+
+---
+ src/low-level/imap/mailimap.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
+index bb17119d..4ffcf55d 100644
+--- a/src/low-level/imap/mailimap.c
++++ b/src/low-level/imap/mailimap.c
+@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
+
+ mailimap_response_free(response);
+
++ // Detect if the server send extra data after the STARTTLS response.
++ // This *may* be a "response injection attack".
++ if (session->imap_stream->read_buffer_len != 0) {
++ // Since it is also an IMAP protocol violation, exit.
++ return MAILIMAP_ERROR_STARTTLS;
++ }
++
+ switch (error_code) {
+ case MAILIMAP_RESP_COND_STATE_OK:
+ return MAILIMAP_NO_ERROR;