]> git.ipfire.org Git - thirdparty/dovecot/core.git/commit
projects / thirdparty / dovecot / core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06b333a) | patch
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.
authorStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 21 May 2021 22:16:38 +0000 (00:16 +0200)
committerTimo Sirainen <timo.sirainen@open-xchange.com>
Wed, 26 May 2021 07:48:02 +0000 (10:48 +0300)
commit65bd1a27a361545c9ccf405b955c72a9c4d29b38
tree7ca8d82ace1ad73e2f9ce249f1097b737a904126tree | snapshot
parent06b333a5634742431d27a8c0d699fe01448a5167commit | diff
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.

The input handler kept reading more commands even though the input was locked by
the STARTTLS command, thereby causing it to read the command pipelined beyond
STARTTLS. This causes a STARTTLS command injection vulerability.
src/lib-smtp/smtp-server-cmd-starttls.c diff | blob | blame | history
src/lib-smtp/smtp-server-connection.c diff | blob | blame | history
Mirror of https://github.com/dovecot/core.git