File CVE-2025-53859.patch of Package nginx.40418

From 9c02c84a7443f3d736a1a5eb3f596de9af8a0c9c Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Mon, 7 Jul 2025 23:48:44 +0400
Subject: [PATCH] Mail: reset stale auth credentials with "smtp_auth none;".

They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.
---
 src/mail/ngx_mail_auth_http_module.c | 5 ++++-
 src/mail/ngx_mail_smtp_handler.c     | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
index 27f64b92e0d..4ca6d6e24dc 100644
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -1321,7 +1321,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
     b->last = ngx_copy(b->last, passwd.data, passwd.len);
     *b->last++ = CR; *b->last++ = LF;
 
-    if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) {
+    if ((s->auth_method == NGX_MAIL_AUTH_APOP
+         || s->auth_method == NGX_MAIL_AUTH_CRAM_MD5)
+        && s->salt.len)
+    {
         b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
         b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
 
diff --git a/src/mail/ngx_mail_smtp_handler.c b/src/mail/ngx_mail_smtp_handler.c
index e68ceedfdb5..1e26c2c8d7b 100644
--- a/src/mail/ngx_mail_smtp_handler.c
+++ b/src/mail/ngx_mail_smtp_handler.c
@@ -782,6 +782,9 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
 
     ngx_str_set(&s->out, smtp_ok);
 
+    ngx_str_null(&s->login);
+    ngx_str_null(&s->passwd);
+
     return NGX_OK;
 }