Sophie

Sophie

distrib > Mageia > cauldron > x86_64 > media > core-release-src > by-pkgid > bead1caf598ddade66a8b1d20c0d623f > files > 3

c-client-2007f-17.mga9.src.rpm

From 000edd9036b6aea5e6a06900ecd6c58faec665ab Mon Sep 17 00:00:00 2001
From: Eduardo Chappa <chappa@washington.edu>
Date: Thu, 18 Jun 2020 03:25:29 -0600
Subject: [PATCH] =?utf8?q?=20=20*=20Security=20Bug:=20Alpine=20can=20be=20?=
 =?utf8?q?configured=20to=20start=20a=20secure=20connection=20using=20/tls?=
 =?utf8?q?=20=20=20=20=20on=20an=20insecure=20connection.=20However,=20if?=
 =?utf8?q?=20the=20connection=20is=20PREAUTH,=20Alpine=20=20=20=20=20will?=
 =?utf8?q?=20not=20upgrade=20the=20connection=20to=20a=20secure=20connecti?=
 =?utf8?q?on,=20because=20a=20client=20=20=20=20=20must=20not=20issue=20a?=
 =?utf8?q?=20STARTTLS=20to=20a=20server=20that=20supports=20it=20in=20auth?=
 =?utf8?q?enticated=20=20=20=20=20state.=20This=20makes=20Alpine=20continu?=
 =?utf8?q?e=20to=20use=20an=20insecure=20connection=20with=20the=20=20=20?=
 =?utf8?q?=20=20server,=20exposing=20user=20data.=20Reported=20by=20Damian?=
 =?utf8?q?=20Poddebniak=20and=20Fabian=20=20=20=20=20Ising,=20from=20M?=
 =?utf8?q?=C3=BCnster=20University=20of=20Applied=20Sciences.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 imap/src/c-client/imap4r1.c | 10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c
index 2233da6..4991f85 100644
--- a/imap/src/c-client/imap4r1.c
+++ b/imap/src/c-client/imap4r1.c
@@ -873,6 +873,16 @@ MAILSTREAM *imap_open (MAILSTREAM *stream)
       return NIL;		/* lost during greeting */
     }
 
+				/* STARTTLS is not allowed in PREAUTH state */
+    if (LOCAL->netstream && !strcmp (reply->key,"PREAUTH")){
+      sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL);
+      if (!LOCAL->gotcapability) imap_capability (stream);
+      if (LOCAL->netstream
+	 && stls && LOCAL->cap.starttls && !mb.sslflag && !mb.notlsflag && mb.tlsflag){
+	 mm_log("STARTTLS not allowed on PREAUTH state. Closing Connection", ERROR);
+	 return NIL;
+      }
+    }
 				/* if connected and not preauthenticated */
     if (LOCAL->netstream && strcmp (reply->key,"PREAUTH")) {
       sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL);
-- 
2.11.4.GIT

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional