CVE-2020-16118: imap-handle: Do not crash on PREAUTH greeting (4e245d75) · Commits · GNOME / balsa · GitLab
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Commit 4e245d75 authored Feb 16, 2020; committed by Peter Bloomfield Feb 16, 2020
imap-handle: Do not crash on PREAUTH greeting
when it hasn’t resulted in storing last-message.
* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not dereference NULL ImapHandle:last_msg; (ir_preauth): parse a PREAUTH greeting the same as an OK greeting.
Fixes #23
2020-02-16 Albrecht Dreß [email protected]
imap-handle: Do not crash on PREAUTH greeting
when it hasn’t resulted in storing last-message.
* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not
dereference NULL ImapHandle:last_msg;
(ir_preauth): parse PREAUTH greeting the same as OK.
Fixes https://gitlab.gnome.org/GNOME/balsa/issues/23
2020-02-07 Peter Bloomfield [email protected]
mailbox: Sort when new details about a message are found
…
…
…
…
@@ -699,7 +699,7 @@ imap_mbox_connect(ImapMboxHandle* handle)
imap_handle_disconnect(handle);
return IMAP_PROTOCOL_ERROR;
}
handle->can_fetch_body =
handle->can_fetch_body = (handle->last_msg != NULL) &&
(strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0);
if((handle->tls_mode == NET_CLIENT_CRYPT_ENCRYPTED) ||
(handle->tls_mode == NET_CLIENT_CRYPT_NONE)) {
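Review bot: the new `(handle->last_msg != NULL) &&` guard in imap_mbox_connect makes can_fetch_body false whenever no greeting text was stored, although the strncmp test reads as if only "Microsoft Exchange" servers are meant to lose body fetch. If a NULL last_msg should mean "not Exchange", the condition would be `(handle->last_msg == NULL) || (strncmp(...) != 0)`; if disabling the feature is the intended safe default, a one-line comment saying so would keep the next reader from "fixing" it. A comment explaining when last_msg can legitimately be NULL after a successful greeting would also help, since that is the case this check now covers. Minor: the literal 18 has to stay in sync with the string; a named constant or a prefix helper with an explicit NULL check would avoid the magic number.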
…
…
@@ -2344,9 +2344,13 @@ ir_bad(ImapMboxHandle *h)
static ImapResponse
ir_preauth(ImapMboxHandle *h)
{
if(imap_mbox_handle_get_state(h) == IMHS_CONNECTED)
imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);
return IMR_OK;
ImapResponse resp;
resp = ir_ok(h);
if ((resp == IMR_OK) && (imap_mbox_handle_get_state(h) == IMHS_CONNECTED)) {
imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);
}
return resp;
}
/* ir_bye:
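Review bot: in ir_preauth the move to IMHS_AUTHENTICATED depends only on ir_ok() returning IMR_OK and the state being IMHS_CONNECTED; nothing in this function looks at the handle's tls_mode. Since a PREAUTH greeting arrives before any TLS negotiation on a plain connection, please confirm (and say in the function comment) where a PREAUTH greeting is rejected when the account requires encryption, because imap_mbox_connect only evaluates tls_mode after the greeting has been processed. The error path looks right: when ir_ok() fails the state is left untouched and resp is propagated. Style: `ImapResponse resp = ir_ok(h);` can be a single declaration, and `if (` here differs from the `if(` spacing used in the replaced lines and in imap_mbox_connect.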
…
…
Related news
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.