From 000edd9036b6aea5e6a06900ecd6c58faec665ab Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Thu, 18 Jun 2020 03:25:29 -0600 Subject: [PATCH] =?utf8?q?=20=20*=20Security=20Bug:=20Alpine=20can=20be=20?= =?utf8?q?configured=20to=20start=20a=20secure=20connection=20using=20/tls?= =?utf8?q?=20=20=20=20=20on=20an=20insecure=20connection.=20However,=20if?= =?utf8?q?=20the=20connection=20is=20PREAUTH,=20Alpine=20=20=20=20=20will?= =?utf8?q?=20not=20upgrade=20the=20connection=20to=20a=20secure=20connecti?= =?utf8?q?on,=20because=20a=20client=20=20=20=20=20must=20not=20issue=20a?= =?utf8?q?=20STARTTLS=20to=20a=20server=20that=20supports=20it=20in=20auth?= =?utf8?q?enticated=20=20=20=20=20state.=20This=20makes=20Alpine=20continu?= =?utf8?q?e=20to=20use=20an=20insecure=20connection=20with=20the=20=20=20?= =?utf8?q?=20=20server,=20exposing=20user=20data.=20Reported=20by=20Damian?= =?utf8?q?=20Poddebniak=20and=20Fabian=20=20=20=20=20Ising,=20from=20M?= =?utf8?q?=C3=BCnster=20University=20of=20Applied=20Sciences.?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- imap/src/c-client/imap4r1.c | 12 +++++++++++- pith/pine.hlp | 10 +++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c index 2233da6..4991f85 100644 --- a/imap/src/c-client/imap4r1.c +++ b/imap/src/c-client/imap4r1.c @@ -1,7 +1,7 @@ /* * Copyright 2016-2020 Eduardo Chappa * - * Last Edited: Jan 26, 2020 Eduardo Chappa + * Last Edited: Jun 18, 2020 Eduardo Chappa * */ /* ======================================================================== 
@@ -891,6 +891,16 @@ MAILSTREAM *imap_open (MAILSTREAM *stream) return NIL; /* lost during greeting */ } + /* STARTTLS is not allowed in PREAUTH state */ + if (LOCAL->netstream && !strcmp (reply->key,"PREAUTH")){ + sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL); + if (!LOCAL->gotcapability) imap_capability (stream); + if (LOCAL->netstream + && stls && LOCAL->cap.starttls && !mb.sslflag && !mb.notlsflag && mb.tlsflag){ + mm_log("STARTTLS not allowed on PREAUTH state. Closing Connection", ERROR); + return NIL; + } + } /* if connected and not preauthenticated */ if (LOCAL->netstream && strcmp (reply->key,"PREAUTH")) { sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL); diff --git a/pith/pine.hlp b/pith/pine.hlp index 850a84b..eb20666 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 450 2020-06-17 12:40:13 +Alpine Commit 451 2020-06-18 03:25:21 ============= h_news ================= @@ -243,6 +243,14 @@ problems you find with this release. Bugs addressed:
    +
  • Security Bug: Alpine can be configured to start a secure connection using /tls + on an insecure connection. However, if the connection is PREAUTH, Alpine + will not upgrade the connection to a secure connection, because a client + must not issue a STARTTLS to a server that supports it in authenticated + state. This makes Alpine continue to use an insecure connection with the + server, exposing user data. Reported by Damian Poddebniak and Fabian + Ising from Münster University of Applied Sciences. +
  • Selecting by subject might not copy the subject of the current message to the selection text correctly. Reported by Iosif Fettich. -- 2.11.4.GIT
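Review bot: In the imap/src/c-client/imap4r1.c hunk at @@ -891, the new PREAUTH abort only fires when `stls && LOCAL->cap.starttls` is true, and that capability list comes from the same unencrypted peer that sent the PREAUTH greeting. A peer that answers PREAUTH without advertising STARTTLS passes this check with `mb.tlsflag` set, and the session continues in cleartext, which is the exposure the commit message describes. If `mb.tlsflag` is the user's /tls requirement, consider failing closed on PREAUTH whenever `!mb.sslflag && !mb.notlsflag && mb.tlsflag` holds, independent of what the server advertises. Separately, the log text says "Closing Connection" but the visible lines only `return NIL`; confirm that `LOCAL->netstream` is actually torn down on this path, or close it here before returning.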
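Review bot: In the pith/pine.hlp hunk at @@ -243, the new h_news entry describes the bug in the present tense ("Alpine will not upgrade the connection", "This makes Alpine continue to use an insecure connection") and never states what this release does instead. Add a sentence saying that Alpine now logs an error and refuses the connection when /tls is requested and a server that advertises STARTTLS answers with PREAUTH, matching the `mm_log` and `return NIL` added in imap4r1.c, so a reader of the release notes knows the described behaviour is fixed and what to expect when the open fails.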