File cyrus-imapd-STARTTLS-plaintext-command-injection.patch of Package cyrus-imapd

--- cyrus-imapd-2.3.14.orig/imap/imapd.c	2011-07-19 07:55:12.408605642 +0200
+++ cyrus-imapd-2.3.14/imap/imapd.c	2011-07-19 07:44:40.182964040 +0200
@@ -1738,6 +1738,9 @@
 		if (c == '\r') c = prot_getc(imapd_in);
 		if (c != '\n') goto extraargs;
 
+		/* XXX  discard any input pipelined after STARTTLS */
+		prot_flush(imapd_in);
+
 		/* if we've already done SASL fail */
 		if (imapd_userid != NULL) {
 		    prot_printf(imapd_out, 
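Review bot: The added comment `/* XXX  discard any input pipelined after STARTTLS */` says what is done but not why, and the `XXX` marker reads like an unresolved hack. Something like `/* Drop plaintext bytes the peer sent after STARTTLS: left in the buffer they would be parsed after the handshake as if they had arrived over TLS */` would stop a later cleanup from removing the call. The same comment is repeated at the lmtpengine.c, mupdate.c, nntpd.c, pop3d.c, sync_server.c and timsieved/parser.c call sites. Every call site also ignores the return value and nothing is logged. A client that pipelines data behind STARTTLS is a useful signal for operators, so a syslog line when a non-zero amount was discarded would be worth adding.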
--- cyrus-imapd-2.3.14.orig/imap/lmtpengine.c	2011-07-19 07:55:12.421605573 +0200
+++ cyrus-imapd-2.3.14/imap/lmtpengine.c	2011-07-19 07:45:39.693647918 +0200
@@ -1576,6 +1576,9 @@
 		sasl_ssf_t ssf;
 		char *auth_id;
 
+		/* XXX  discard any input pipelined after STARTTLS */
+		prot_flush(pin);
+
 		/* SASL and openssl have different ideas
 		   about whether ssf is signed */
 		layerp = (int *) &ssf;
--- cyrus-imapd-2.3.14.orig/imap/mupdate.c	2009-02-09 06:01:58.000000000 +0100
+++ cyrus-imapd-2.3.14/imap/mupdate.c	2011-07-19 07:27:33.024420330 +0200
@@ -911,6 +911,9 @@
 	if (!strcmp(c->cmd.s, "Starttls")) {
 	    CHECKNEWLINE(c, ch);
 	    
+	    /* XXX  discard any input pipelined after STARTTLS */
+	    prot_flush(c->pin);
+
 	    if (!tls_enabled()) {
 		/* we don't support starttls */
 		goto badcmd;
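Review bot: `prot_flush(c->pin);` runs before the `if (!tls_enabled())` check, so pipelined input is thrown away even on the path that refuses STARTTLS via `badcmd` and keeps the session in cleartext. The imapd.c and sync_server.c hunks have the same ordering, with the flush ahead of the "already done SASL" rejection. If dropping a client's pipelined commands on a refused STARTTLS is not intended, move the call below those checks so it sits directly before the handshake is started. That also minimises the window between the discard and the TLS negotiation. The rest of the Starttls branch is outside this hunk, so the exact spot has to be confirmed against the full function.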
--- cyrus-imapd-2.3.14.orig/imap/nntpd.c	2009-02-09 06:01:58.000000000 +0100
+++ cyrus-imapd-2.3.14/imap/nntpd.c	2011-07-19 07:46:45.580297928 +0200
@@ -1405,6 +1405,9 @@
 		if (c == '\r') c = prot_getc(nntp_in);
 		if (c != '\n') goto extraargs;
 
+		/* XXX  discard any input pipelined after STARTTLS */
+		prot_flush(nntp_in);
+
 		cmd_starttls(0);
 	    }
 	    else if (!strcmp(cmd.s, "Stat")) {
--- cyrus-imapd-2.3.14.orig/imap/pop3d.c	2011-07-19 07:55:12.411605626 +0200
+++ cyrus-imapd-2.3.14/imap/pop3d.c	2011-07-19 07:47:34.414038519 +0200
@@ -874,6 +874,9 @@
 		prot_printf(popd_out,
 			    "-ERR STLS doesn't take any arguments\r\n");
 	    } else {
+		    /* XXX  discard any input pipelined after STLS */
+		    prot_flush(popd_in);
+
 		cmd_starttls(0);
 	    }
 	}
--- cyrus-imapd-2.3.14.orig/imap/sync_server.c	2009-02-09 06:02:54.000000000 +0100
+++ cyrus-imapd-2.3.14/imap/sync_server.c	2011-07-19 07:49:04.331560879 +0200
@@ -888,6 +888,9 @@
 	    if (!strcmp(cmd.s, "Starttls") && tls_enabled()) {
 		if (c == '\r') c = prot_getc(sync_in);
 		if (c != '\n') goto extraargs;
+ 
+		/* XXX  discard any input pipelined after STARTTLS */
+		prot_flush(sync_in);
 
 		/* if we've already done SASL fail */
 		if (sync_userid != NULL) {
--- cyrus-imapd-2.3.14.orig/lib/prot.c	2009-02-16 19:13:22.000000000 +0100
+++ cyrus-imapd-2.3.14/lib/prot.c	2011-07-19 07:51:06.062914237 +0200
@@ -561,10 +561,29 @@
 }
 
 /*
+ * If 's' is an input stream, discard any pending/buffered data.  Otherwise,
  * Write out any buffered data in the stream 's'
  */
 int prot_flush(struct protstream *s) 
 {
+    if (!s->write) {
+	int c, save_dontblock = s->dontblock;
+
+	/* Set stream to nonblocking mode */
+	if (!save_dontblock) nonblock(s->fd, (s->dontblock = 1));
+
+	/* Ingest any pending input */
+	while ((c = prot_fill(s)) != EOF);
+
+	/* Reset stream to previous blocking mode */
+	if (!save_dontblock) nonblock(s->fd, (s->dontblock = 0));
+
+	/* Discard any buffered input */
+	s->cnt = 0;
+
+	return 0;
+    }
+
     return prot_flush_internal(s, 1);
 }
 
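Review bot: The drain loop `while ((c = prot_fill(s)) != EOF);` cannot tell "nothing more to read right now" from a real read error or a peer close, and the input branch then returns 0 in every case. `prot_fill()` is not visible in this hunk, so this is inferred. If it records an error or end-of-file condition on the stream when the non-blocking read would block, that state survives the flush and the first read after the TLS handshake may fail. The branch should check and reset that state after the loop and return `EOF` for a genuine failure. The loop is also unbounded, so a peer that keeps sending can hold the process in the discard loop before authentication; capping the number of bytes discarded and closing the connection past the cap would bound that. Because `prot_flush()` now does opposite things for input and output streams, the header comment should also say that on an input stream it discards data, never blocks and writes nothing.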
--- cyrus-imapd-2.3.14.orig/timsieved/parser.c	2009-02-09 06:01:59.000000000 +0100
+++ cyrus-imapd-2.3.14/timsieved/parser.c	2011-07-19 07:52:49.687363778 +0200
@@ -442,6 +442,9 @@
       goto error;
     }
 
+    /* XXX  discard any input pipelined after STARTTLS */
+    prot_flush(sieved_in);
+
     if(referral_host)
 	goto do_referral;
 