Verified Commit be486878 authored by A. Wilcox's avatar A. Wilcox 🦊
Browse files

user/libetpan: Patch CVE-2020-15953

parent 203d7662
......@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libetpan
pkgver=1.9.4
pkgrel=0
pkgrel=1
pkgdesc="Mail library for C"
url="https://www.etpan.org/libetpan.html"
arch="all"
......@@ -13,8 +13,14 @@ makedepends="autoconf automake cyrus-sasl-dev db-dev expat-dev libtool
subpackages="$pkgname-dev"
source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
missing-header.patch
CVE-2020-15953-a.patch
CVE-2020-15953-b.patch
"
# secfixes:
# 1.9.4-r1:
# - CVE-2020-15953
build() {
./autogen.sh \
--build=$CBUILD \
......@@ -35,4 +41,6 @@ package() {
}
sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz
df0ba883c9328b7cab408a54f38e6f9c7f5f603b0f016b7ea2e9fa49aa4118ff6723218bb9942f278028291e1c7e9da0bb1d48ab2c471b0ddf5edc3e78a8a1df missing-header.patch"
df0ba883c9328b7cab408a54f38e6f9c7f5f603b0f016b7ea2e9fa49aa4118ff6723218bb9942f278028291e1c7e9da0bb1d48ab2c471b0ddf5edc3e78a8a1df missing-header.patch
17f2773dc7b807178b152293474e2dc05f4a0d708d56ca01a95a33f1a84af3839efa64e318fd18af946640311032e3c7c2e27a2259d9222ce8e175caa161dbc2 CVE-2020-15953-a.patch
61bfa931ce10a5a25caca261f672135f80202e266feaff981ffe994ea5d55d099b127c5734cca02194ad1bd0ef4d7d37a0022640e749a5168a9f56018580de5f CVE-2020-15953-b.patch"
From 8ceb0cf0191f8b374a7f05974b29c6242ce8f752 Mon Sep 17 00:00:00 2001
From: Damian Poddebniak <poddebniak@fh-muenster.de>
Date: Thu, 23 Jul 2020 19:24:45 +0200
Subject: [PATCH] Detect extra data after STARTTLS response and exit
---
src/low-level/imap/mailimap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
index bb17119d..4ffcf55d 100644
--- a/src/low-level/imap/mailimap.c
+++ b/src/low-level/imap/mailimap.c
@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
mailimap_response_free(response);
+ // Detect if the server send extra data after the STARTTLS response.
+ // This *may* be a "response injection attack".
+ if (session->imap_stream->read_buffer_len != 0) {
+ // Since it is also an IMAP protocol violation, exit.
+ return MAILIMAP_ERROR_STARTTLS;
+ }
+
switch (error_code) {
case MAILIMAP_RESP_COND_STATE_OK:
return MAILIMAP_NO_ERROR;
From 6068b0fa8310bced874b322b20ac470472c64784 Mon Sep 17 00:00:00 2001
From: Fabian Ising <f.ising@fh-muenster.de>
Date: Fri, 24 Jul 2020 08:56:05 +0200
Subject: [PATCH 1/2] Detect extra data after STLS response and return error
---
src/low-level/pop3/mailpop3.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
index ab9535be..e2124bf8 100644
--- a/src/low-level/pop3/mailpop3.c
+++ b/src/low-level/pop3/mailpop3.c
@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f)
if (r != RESPONSE_OK)
return MAILPOP3_ERROR_STLS_NOT_SUPPORTED;
+
+ // Detect if the server send extra data after the STLS response.
+ // This *may* be a "response injection attack".
+ if (f->pop3_stream->read_buffer_len != 0) {
+ // Since it is also protocol violation, exit.
+ // There is no error type for STARTTLS errors in POP3
+ return MAILPOP3_ERROR_SSL;
+ }
return MAILPOP3_NO_ERROR;
}
From 874ebf7ce9d108c6c1def733f90d156b44fb6ef7 Mon Sep 17 00:00:00 2001
From: Fabian Ising <f.ising@fh-muenster.de>
Date: Fri, 24 Jul 2020 08:56:31 +0200
Subject: [PATCH 2/2] Detect extra data after SMTP STARTTLS response and return
error
---
src/low-level/smtp/mailsmtp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
index b7fc459e..3145cadf 100644
--- a/src/low-level/smtp/mailsmtp.c
+++ b/src/low-level/smtp/mailsmtp.c
@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
return MAILSMTP_ERROR_STREAM;
r = read_response(session);
+ // Detect if the server send extra data after the STARTTLS response.
+ // This *may* be a "response injection attack".
+ if (session->stream->read_buffer_len != 0) {
+ // Since it is also protocol violation, exit.
+ // There is no general error type for STARTTLS errors in SMTP
+ return MAILSMTP_ERROR_SSL;
+ }
+
switch (r) {
case 220:
return MAILSMTP_NO_ERROR;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment