File 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01.patch of Package mutt.17505

From 3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 14 Jun 2020 11:30:00 -0700
Subject: [PATCH] Prevent possible IMAP MITM via PREAUTH response.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is similar to CVE-2014-2567 and CVE-2020-12398.  STARTTLS is not
allowed in the Authenticated state, so previously Mutt would
implicitly mark the connection as authenticated and skip any
encryption checking/enabling.

No credentials are exposed, but it does allow messages to be sent to
an attacker, via postpone or fcc'ing for instance.

Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the
connection if it is unencrypted.

Thanks very much to Damian Poddebniak and Fabian Ising from the
M√ľnster University of Applied Sciences for reporting this issue, and
their help in testing the fix.
---
 imap/imap.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git imap/imap.c imap/imap.c
index 63362176..3ca10df4 100644
--- imap/imap.c
+++ imap/imap.c
@@ -530,6 +530,22 @@ int imap_open_connection (IMAP_DATA* idata)
   }
   else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0)
   {
+#if defined(USE_SSL)
+    /* An unencrypted PREAUTH response is most likely a MITM attack.
+     * Require a confirmation. */
+    if (!idata->conn->ssf)
+    {
+      if (option(OPTSSLFORCETLS) ||
+          (query_quadoption (OPT_SSLSTARTTLS,
+                             _("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
+      {
+        mutt_error _("Encrypted connection unavailable");
+        mutt_sleep (1);
+        goto err_close_conn;
+      }
+    }
+#endif
+
     idata->state = IMAP_AUTHENTICATED;
     if (imap_check_capabilities (idata) != 0)
       goto bail;
-- 
2.26.2
openSUSE Build Service is sponsored by