diff options
Diffstat (limited to 'user/libetpan/CVE-2020-15953-a.patch')
-rw-r--r-- | user/libetpan/CVE-2020-15953-a.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/user/libetpan/CVE-2020-15953-a.patch b/user/libetpan/CVE-2020-15953-a.patch new file mode 100644 index 000000000..1130e3a51 --- /dev/null +++ b/user/libetpan/CVE-2020-15953-a.patch @@ -0,0 +1,27 @@ +From 8ceb0cf0191f8b374a7f05974b29c6242ce8f752 Mon Sep 17 00:00:00 2001 +From: Damian Poddebniak <poddebniak@fh-muenster.de> +Date: Thu, 23 Jul 2020 19:24:45 +0200 +Subject: [PATCH] Detect extra data after STARTTLS response and exit + +--- + src/low-level/imap/mailimap.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +index bb17119d..4ffcf55d 100644 +--- a/src/low-level/imap/mailimap.c ++++ b/src/low-level/imap/mailimap.c +@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) + + mailimap_response_free(response); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->imap_stream->read_buffer_len != 0) { ++ // Since it is also an IMAP protocol violation, exit. ++ return MAILIMAP_ERROR_STARTTLS; ++ } ++ + switch (error_code) { + case MAILIMAP_RESP_COND_STATE_OK: + return MAILIMAP_NO_ERROR; |