From: Timo Sirainen
Date: Wed, 6 May 2026 15:19:16 +0000 (+0000)
Subject: imap-login: Reject duplicate MULTIPLEX from backend
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=935ff8083a7c8ae36d7607baa0384cb9986e69dd;p=thirdparty%2Fdovecot%2Fcore.git

imap-login: Reject duplicate MULTIPLEX from backend

If a buggy backend IMAP server sends "* MULTIPLEX 0" twice, the second parse call re-entered login_proxy_multiplex_input_start() and crashed on the multiplex_orig_input==NULL assert. Detect the duplicate and fail the proxy connection with a protocol error instead.
---
diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c
index 3074a4670d..02661c6120 100644
--- a/src/imap-login/imap-proxy.c
+++ b/src/imap-login/imap-proxy.c
@@ -549,6 +549,13 @@ int imap_proxy_parse_line(struct client *client, const char *line)
 "MULTIPLEX started without being requested");
 return -1;
 }
+ if (login_proxy_multiplex_input_started(client->login_proxy)) {
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_PROTOCOL,
+ "MULTIPLEX started twice");
+ return -1;
+ }
 login_proxy_multiplex_input_start(client->login_proxy);
 /* force caller to refresh istream */
 return 1;
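Review bot: The new `login_proxy_multiplex_input_started()` check carries no comment saying why it must run before `login_proxy_multiplex_input_start()`, so a later refactor could reorder or drop it and bring back the assert crash on backend-controlled input. I would add above the `if`: `/* A backend may repeat "* MULTIPLEX 0"; starting twice trips the multiplex_orig_input==NULL assert, so fail the proxy instead. */`. The guard also lives only in this caller; if other login proxies call `login_proxy_multiplex_input_start()` on backend input (not visible in this diff), they presumably need the same check, or the check could move into that function and return an error. `imap_proxy_parse_line()` starts and ends outside the hunk.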