Projects
Eulaceura:Mainline:GA
libetpan
_service:obs_scm:libetpan-1.9.4-0001-Detect-ext...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:libetpan-1.9.4-0001-Detect-extra-data-after-STARTTLS-response-and-exit-3.patch of Package libetpan
From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 From: Damian Poddebniak <duesee@users.noreply.github.com> Date: Fri, 24 Jul 2020 19:39:53 +0200 Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387) --- src/low-level/imap/mailimap.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c index bb17119..4ffcf55 100644 --- a/src/low-level/imap/mailimap.c +++ b/src/low-level/imap/mailimap.c @@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) mailimap_response_free(response); + // Detect if the server send extra data after the STARTTLS response. + // This *may* be a "response injection attack". + if (session->imap_stream->read_buffer_len != 0) { + // Since it is also an IMAP protocol violation, exit. + return MAILIMAP_ERROR_STARTTLS; + } + switch (error_code) { case MAILIMAP_RESP_COND_STATE_OK: return MAILIMAP_NO_ERROR; -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2