]> git.ipfire.org Git - thirdparty/dovecot/core.git/commit
projects / thirdparty / dovecot / core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 708ab90) | patch
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.
authorStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 21 May 2021 22:16:38 +0000 (00:16 +0200)
committerTimo Sirainen <timo.sirainen@open-xchange.com>
Wed, 26 May 2021 07:50:27 +0000 (10:50 +0300)
commit321c339756f9b2b98fb7326359d1333adebb5295
tree7c33b0a24bedf6994a8e3a06843d1b036cb515b0tree | snapshot
parent708ab90229c302413f4039e032d7c8d059407594commit | diff
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.

The input handler kept reading more commands even though the input was locked by
the STARTTLS command, thereby causing it to read the command pipelined beyond
STARTTLS. This causes a STARTTLS command injection vulerability.
src/lib-smtp/smtp-server-cmd-starttls.c diff | blob | blame | history
src/lib-smtp/smtp-server-connection.c diff | blob | blame | history
Mirror of https://github.com/dovecot/core.git