CVE-2020-16118: imap-handle: Do not crash on PREAUTH greeting (4e245d75) · Commits · GNOME / balsa · GitLab

Commit 4e245d75 authored Feb 16, 2020 by Committed by Peter Bloomfield Feb 16, 2020

Browse files

imap-handle: Do not crash on PREAUTH greeting

when it hasn’t resulted in storing last-message.

* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not dereference NULL ImapHandle:last_msg; (ir_preauth): parse a PREAUTH greeting the same as an OK greeting.

Fixes #23

• Changes 2

2020-02-16 Albrecht Dreß [email protected]

imap-handle: Do not crash on PREAUTH greeting

when it hasn’t resulted in storing last-message.

* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not

dereference NULL ImapHandle:last_msg;

(ir_preauth): parse PREAUTH greeting the same as OK.

Fixes https://gitlab.gnome.org/GNOME/balsa/issues/23

2020-02-07 Peter Bloomfield [email protected]

mailbox: Sort when new details about a message are found

…

…

…

…

@@ -699,7 +699,7 @@ imap_mbox_connect(ImapMboxHandle* handle)

imap_handle_disconnect(handle);

return IMAP_PROTOCOL_ERROR;

}

handle->can_fetch_body =

handle->can_fetch_body = (handle->last_msg != NULL) &&

(strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0);

if((handle->tls_mode == NET_CLIENT_CRYPT_ENCRYPTED) ||

(handle->tls_mode == NET_CLIENT_CRYPT_NONE)) {

…

…

@@ -2344,9 +2344,13 @@ ir_bad(ImapMboxHandle *h)

static ImapResponse

ir_preauth(ImapMboxHandle *h)

{

if(imap_mbox_handle_get_state(h) == IMHS_CONNECTED)

imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);

return IMR_OK;

ImapResponse resp;

resp = ir_ok(h);

if ((resp == IMR_OK) && (imap_mbox_handle_get_state(h) == IMHS_CONNECTED)) {

imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);

}

return resp;

}

/* ir_bye:

…

…