diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2020-06-18 03:25:29 -0600 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2020-06-18 03:25:29 -0600 |
| commit | 000edd9036b6aea5e6a06900ecd6c58faec665ab (patch) | |
| tree | cb0e40cf17e1c6e3b1f69cb02fe1ef364e605d1a | |
| parent | 5cba97d032b16b89a6f73d5841e55bf13672f921 (diff) | |
| download | alpine-000edd9036b6aea5e6a06900ecd6c58faec665ab.tar.xz | |
* Security Bug: Alpine can be configured to start a secure connection using /tls
on an insecure connection. However, if the connection is PREAUTH, Alpine
will not upgrade the connection to a secure connection, because a client
must not issue a STARTTLS to a server that supports it in authenticated
state. This makes Alpine continue to use an insecure connection with the
server, exposing user data. Reported by Damian Poddebniak and Fabian
Ising, from Münster University of Applied Sciences.
| -rw-r--r-- | imap/src/c-client/imap4r1.c | 12 | ||||
| -rw-r--r-- | pith/pine.hlp | 10 |
2 files changed, 20 insertions, 2 deletions
diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c index 2233da6..4991f85 100644 --- a/imap/src/c-client/imap4r1.c +++ b/imap/src/c-client/imap4r1.c @@ -1,7 +1,7 @@ /* * Copyright 2016-2020 Eduardo Chappa * - * Last Edited: Jan 26, 2020 Eduardo Chappa <alpine.chappa@gmx.com> + * Last Edited: Jun 18, 2020 Eduardo Chappa <alpine.chappa@yandex.com> * */ /* ======================================================================== @@ -891,6 +891,16 @@ MAILSTREAM *imap_open (MAILSTREAM *stream) return NIL; /* lost during greeting */ } + /* STARTTLS is not allowed in PREAUTH state */ + if (LOCAL->netstream && !strcmp (reply->key,"PREAUTH")){ + sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL); + if (!LOCAL->gotcapability) imap_capability (stream); + if (LOCAL->netstream + && stls && LOCAL->cap.starttls && !mb.sslflag && !mb.notlsflag && mb.tlsflag){ + mm_log("STARTTLS not allowed on PREAUTH state. Closing Connection", ERROR); + return NIL; + } + } /* if connected and not preauthenticated */ if (LOCAL->netstream && strcmp (reply->key,"PREAUTH")) { sslstart_t stls = (sslstart_t) mail_parameters (NIL,GET_SSLSTART,NIL); diff --git a/pith/pine.hlp b/pith/pine.hlp index 850a84b..eb20666 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 450 2020-06-17 12:40:13 +Alpine Commit 451 2020-06-18 03:25:21 ============= h_news ================= <HTML> <HEAD> @@ -243,6 +243,14 @@ problems you find with this release. Bugs addressed: <UL> + <LI> Security Bug: Alpine can be configured to start a secure connection using /tls + on an insecure connection. However, if the connection is PREAUTH, Alpine + will not upgrade the connection to a secure connection, because a client + must not issue a STARTTLS to a server that supports it in authenticated + state. This makes Alpine continue to use an insecure connection with the + server, exposing user data. Reported by Damian Poddebniak and Fabian + Ising from Münster University of Applied Sciences. + <LI> Selecting by subject might not copy the subject of the current message to the selection text correctly. Reported by Iosif Fettich. |