From 3cf7c3ef441822c889356fd1812ebf2944a59851 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 25 Aug 2020 10:45:55 +0100 Subject: gentoo resync : 25.08.2020 --- .../files/libetpan-1.9.4-CVE-2020-15953.patch | 86 ++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch (limited to 'net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch') diff --git a/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch b/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch new file mode 100644 index 000000000000..19e573569fad --- /dev/null +++ b/net-libs/libetpan/files/libetpan-1.9.4-CVE-2020-15953.patch @@ -0,0 +1,86 @@ +From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 +From: Damian Poddebniak +Date: Fri, 24 Jul 2020 19:39:53 +0200 +Subject: [PATCH 1/2] Detect extra data after STARTTLS response and exit (#387) + +--- + src/low-level/imap/mailimap.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c +index bb17119..4ffcf55 100644 +--- a/src/low-level/imap/mailimap.c ++++ b/src/low-level/imap/mailimap.c +@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) + + mailimap_response_free(response); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->imap_stream->read_buffer_len != 0) { ++ // Since it is also an IMAP protocol violation, exit. ++ return MAILIMAP_ERROR_STARTTLS; ++ } ++ + switch (error_code) { + case MAILIMAP_RESP_COND_STATE_OK: + return MAILIMAP_NO_ERROR; +-- +2.28.0 + + +From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001 +From: Fabian Ising +Date: Fri, 24 Jul 2020 19:40:48 +0200 +Subject: [PATCH 2/2] Detect extra data after STARTTLS responses in SMTP and + POP3 and exit (#388) + +* Detect extra data after STLS response and return error + +* Detect extra data after SMTP STARTTLS response and return error +--- + src/low-level/pop3/mailpop3.c | 8 ++++++++ + src/low-level/smtp/mailsmtp.c | 8 ++++++++ + 2 files changed, 16 insertions(+) + +diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c +index ab9535b..e2124bf 100644 +--- a/src/low-level/pop3/mailpop3.c ++++ b/src/low-level/pop3/mailpop3.c +@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) + + if (r != RESPONSE_OK) + return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; ++ ++ // Detect if the server send extra data after the STLS response. ++ // This *may* be a "response injection attack". ++ if (f->pop3_stream->read_buffer_len != 0) { ++ // Since it is also protocol violation, exit. ++ // There is no error type for STARTTLS errors in POP3 ++ return MAILPOP3_ERROR_SSL; ++ } + + return MAILPOP3_NO_ERROR; + } +diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c +index b7fc459..3145cad 100644 +--- a/src/low-level/smtp/mailsmtp.c ++++ b/src/low-level/smtp/mailsmtp.c +@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session) + return MAILSMTP_ERROR_STREAM; + r = read_response(session); + ++ // Detect if the server send extra data after the STARTTLS response. ++ // This *may* be a "response injection attack". ++ if (session->stream->read_buffer_len != 0) { ++ // Since it is also protocol violation, exit. ++ // There is no general error type for STARTTLS errors in SMTP ++ return MAILSMTP_ERROR_SSL; ++ } ++ + switch (r) { + case 220: + return MAILSMTP_NO_ERROR; +-- +2.28.0 + -- cgit v1.2.3