]> git.ipfire.org Git - thirdparty/dovecot/core.git/commit
projects / thirdparty / dovecot / core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9b04e6f) | patch
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.
authorStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 21 May 2021 22:16:38 +0000 (00:16 +0200)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Mon, 21 Jun 2021 13:24:30 +0000 (13:24 +0000)
commitbcdbf445a9d354a16a48ca2a42c3c1d607e003fd
tree800603d42cbc2a9273c639683c0d8518b797ebc6tree | snapshot
parent9b04e6fbfb5ea3d50ce9b8a26fbae9b68e447995commit | diff
lib-smtp: smtp-server-connection - Fix STARTTLS command injection vulnerability.

The input handler kept reading more commands even though the input was locked by
the STARTTLS command, thereby causing it to read the command pipelined beyond
STARTTLS. This causes a STARTTLS command injection vulerability.
src/lib-smtp/smtp-server-cmd-starttls.c diff | blob | blame | history
src/lib-smtp/smtp-server-connection.c diff | blob | blame | history
Mirror of https://github.com/dovecot/core.git