File CVE-2020-14928.patch of Package evolution-data-server
From f404f33fb01b23903c2bbb16791c7907e457fbac Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 22 Jun 2020 13:42:41 +0200
Subject: [PATCH] I#226 - CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3
Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
---
 src/camel/camel-stream-buffer.c | 19 +++++++++++++++++++
 src/camel/camel-stream-buffer.h | 1 +
 src/camel/providers/pop3/camel-pop3-store.c | 2 ++
 src/camel/providers/pop3/camel-pop3-stream.c | 11 +++++++++++
 src/camel/providers/pop3/camel-pop3-stream.h | 1 +
 .../providers/smtp/camel-smtp-transport.c | 2 ++
 6 files changed, 36 insertions(+)
diff --git a/src/camel/camel-stream-buffer.c b/src/camel/camel-stream-buffer.c
index 3e2e0dd36..d39fd8bdb 100644
--- a/src/camel/camel-stream-buffer.c
+++ b/src/camel/camel-stream-buffer.c
@@ -518,3 +518,22 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
 return g_strdup ((gchar *) sbf->priv->linebuf);
 }
+
+/**
+ * camel_stream_buffer_truncate:
+ * @sbf: a #CamelStreamBuffer
+ *
+ * Truncates any cached data in the @sbf. The next read reads
+ * from the stream.
+ *
+ * Since: 3.36.4
+ **/
+void
+camel_stream_buffer_truncate (CamelStreamBuffer *sbf)
+{
+ g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
+
+ sbf->priv->ptr = sbf->priv->buf;
+ sbf->priv->end = sbf->priv->buf;
+ sbf->priv->ptr[0] = '\0';
+}
diff --git a/src/camel/camel-stream-buffer.h b/src/camel/camel-stream-buffer.h
index ef92cfd8e..094e9926b 100644
--- a/src/camel/camel-stream-buffer.h
+++ b/src/camel/camel-stream-buffer.h
@@ -93,6 +93,7 @@ gint camel_stream_buffer_gets (CamelStreamBuffer *sbf,
 gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
 GCancellable *cancellable,
 GError **error);
+void camel_stream_buffer_truncate (CamelStreamBuffer *sbf);
 G_END_DECLS
diff --git a/src/camel/providers/pop3/camel-pop3-store.c b/src/camel/providers/pop3/camel-pop3-store.c
index 81c370f0a..5c9eb1eaa 100644
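Review bot: The gtk-doc block on `camel_stream_buffer_truncate()` in src/camel/camel-stream-buffer.c does not say when a caller needs the function or what is lost by calling it. The only call sites visible in this patch are the STARTTLS upgrades, so I would add a sentence such as `Call this after replacing the base stream (for example after STARTTLS), so that bytes buffered from the old stream are never parsed as part of the new one.` The function also resets `ptr` and `end` unconditionally; if a #CamelStreamBuffer can hold pending output in the same buffer (not visible in this hunk), the comment should state that the call is meant for read buffers only.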
--- a/src/camel/providers/pop3/camel-pop3-store.c
+++ b/src/camel/providers/pop3/camel-pop3-store.c
@@ -205,6 +205,8 @@ connect_to_server (CamelService *service,
 if (tls_stream != NULL) {
 camel_stream_set_base_stream (stream, tls_stream);
+ /* Truncate any left cached input from the insecure part of the session */
+ camel_pop3_stream_truncate (pop3_engine->stream);
 g_object_unref (tls_stream);
 } else {
 g_prefix_error (
diff --git a/src/camel/providers/pop3/camel-pop3-stream.c b/src/camel/providers/pop3/camel-pop3-stream.c
index 74bb11e61..c485b9bd6 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.c
+++ b/src/camel/providers/pop3/camel-pop3-stream.c
@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream *is,
 return 1;
 }
+
+void
+camel_pop3_stream_truncate (CamelPOP3Stream *is)
+{
+ if (is) {
+ is->ptr = is->end = is->buf;
+ is->lineptr = is->linebuf;
+ is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
+ is->ptr[0] = '\n';
+ }
+}
diff --git a/src/camel/providers/pop3/camel-pop3-stream.h b/src/camel/providers/pop3/camel-pop3-stream.h
index bb6dbb903..128c8c45a 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.h
+++ b/src/camel/providers/pop3/camel-pop3-stream.h
@@ -87,6 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3Stream *is,
 guint *len,
 GCancellable *cancellable,
 GError **error);
+void camel_pop3_stream_truncate (CamelPOP3Stream *is);
 G_END_DECLS
diff --git a/src/camel/providers/smtp/camel-smtp-transport.c b/src/camel/providers/smtp/camel-smtp-transport.c
index 035baf367..1fc0f3206 100644
--- a/src/camel/providers/smtp/camel-smtp-transport.c
+++ b/src/camel/providers/smtp/camel-smtp-transport.c
@@ -323,6 +323,8 @@ connect_to_server (CamelService *service,
 if (tls_stream != NULL) {
 camel_stream_set_base_stream (stream, tls_stream);
+ /* Truncate any left cached input from the insecure part of the session */
+ camel_stream_buffer_truncate (transport->istream);
 g_object_unref (tls_stream);
 } else {
 g_prefix_error (
-- 
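Review bot: In `connect_to_server()` in camel-pop3-store.c the leftover plaintext is dropped silently, because `camel_pop3_stream_truncate()` returns void and the caller cannot tell whether anything was buffered when TLS took over. A server is not expected to send data between its STARTTLS reply and the handshake, so a non-empty buffer at this point suggests tampering on the wire and is worth recording rather than hiding. I would have the helper report whether it discarded bytes and then either log it, e.g. `g_warning ("Discarded unexpected data received before the TLS handshake");`, or fail the connection through the existing `GError`. The same applies to the `camel_stream_buffer_truncate (transport->istream)` call added to camel-smtp-transport.c; both `connect_to_server()` bodies start and end outside their hunks.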
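Review bot: `camel_pop3_stream_truncate()` in camel-pop3-stream.c is added with no comment at all, while its sibling in camel-stream-buffer.c gets a full gtk-doc block, even though this one resets more state. I would add a header comment saying that it drops all buffered input and line state so the next read comes from the current base stream. The last assignment also deserves a one-liner, e.g. `/* presumably the '\n' sentinel the line scanner stops on - confirm */`, since the other helper writes '\0' in the same place. The silent `if (is)` guard differs from the `g_return_if_fail()` check in `camel_stream_buffer_truncate()`, so a NULL stream at the STARTTLS call site would skip the reset without any diagnostic.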
From b74b765188d96803814acf69a510a7160d9ee6c5 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Tue, 23 Jun 2020 18:38:10 +0200
Subject: [PATCH] Rename camel_stream_buffer_truncate() to camel_stream_buffer_discard_cache()
It causes trouble to vala, see https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226#note_847797
---
 src/camel/camel-stream-buffer.c | 6 +++---
 src/camel/camel-stream-buffer.h | 3 ++-
 src/camel/providers/pop3/camel-pop3-store.c | 2 +-
 src/camel/providers/pop3/camel-pop3-stream.c | 2 +-
 src/camel/providers/pop3/camel-pop3-stream.h | 2 +-
 src/camel/providers/smtp/camel-smtp-transport.c | 2 +-
 6 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/camel/camel-stream-buffer.c b/src/camel/camel-stream-buffer.c
index d39fd8bdb..d1e7952af 100644
--- a/src/camel/camel-stream-buffer.c
+++ b/src/camel/camel-stream-buffer.c
@@ -520,16 +520,16 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
 }
 /**
- * camel_stream_buffer_truncate:
+ * camel_stream_buffer_discard_cache:
 * @sbf: a #CamelStreamBuffer
 *
- * Truncates any cached data in the @sbf. The next read reads
+ * Discards any cached data in the @sbf. The next read reads
 * from the stream.
 *
 * Since: 3.36.4
 **/
 void
-camel_stream_buffer_truncate (CamelStreamBuffer *sbf)
+camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
 {
 g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
diff --git a/src/camel/camel-stream-buffer.h b/src/camel/camel-stream-buffer.h
index 094e9926b..957bd7b36 100644
--- a/src/camel/camel-stream-buffer.h
+++ b/src/camel/camel-stream-buffer.h
@@ -93,7 +93,8 @@ gint camel_stream_buffer_gets (CamelStreamBuffer *sbf,
 gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
 GCancellable *cancellable,
 GError **error);
-void camel_stream_buffer_truncate (CamelStreamBuffer *sbf);
+void camel_stream_buffer_discard_cache
+ (CamelStreamBuffer *sbf);
 G_END_DECLS
diff --git a/src/camel/providers/pop3/camel-pop3-store.c b/src/camel/providers/pop3/camel-pop3-store.c
index 5c9eb1eaa..818362828 100644
--- a/src/camel/providers/pop3/camel-pop3-store.c
+++ b/src/camel/providers/pop3/camel-pop3-store.c
@@ -206,7 +206,7 @@ connect_to_server (CamelService *service,
 if (tls_stream != NULL) {
 camel_stream_set_base_stream (stream, tls_stream);
 /* Truncate any left cached input from the insecure part of the session */
- camel_pop3_stream_truncate (pop3_engine->stream);
+ camel_pop3_stream_discard_cache (pop3_engine->stream);
 g_object_unref (tls_stream);
 } else {
 g_prefix_error (
diff --git a/src/camel/providers/pop3/camel-pop3-stream.c b/src/camel/providers/pop3/camel-pop3-stream.c
index c485b9bd6..c246174d3 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.c
+++ b/src/camel/providers/pop3/camel-pop3-stream.c
@@ -459,7 +459,7 @@ camel_pop3_stream_getd (CamelPOP3Stream *is,
 }
 void
-camel_pop3_stream_truncate (CamelPOP3Stream *is)
+camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
 {
 if (is) {
 is->ptr = is->end = is->buf;
diff --git a/src/camel/providers/pop3/camel-pop3-stream.h b/src/camel/providers/pop3/camel-pop3-stream.h
index 128c8c45a..0c2f89a78 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.h
+++ b/src/camel/providers/pop3/camel-pop3-stream.h
@@ -87,7 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3Stream *is,
 guint *len,
 GCancellable *cancellable,
 GError **error);
-void camel_pop3_stream_truncate (CamelPOP3Stream *is);
+void camel_pop3_stream_discard_cache (CamelPOP3Stream *is);
 G_END_DECLS
diff --git a/src/camel/providers/smtp/camel-smtp-transport.c b/src/camel/providers/smtp/camel-smtp-transport.c
index 1fc0f3206..f4a14f9fa 100644
--- a/src/camel/providers/smtp/camel-smtp-transport.c
+++ b/src/camel/providers/smtp/camel-smtp-transport.c
@@ -324,7 +324,7 @@ connect_to_server (CamelService *service,
 if (tls_stream != NULL) {
 camel_stream_set_base_stream (stream, tls_stream);
 /* Truncate any left cached input from the insecure part of the session */
- camel_stream_buffer_truncate (transport->istream);
+ camel_stream_buffer_discard_cache (transport->istream);
 g_object_unref (tls_stream);
 } else {
 g_prefix_error (
-- 
2.30.1