imap-login: Reject duplicate MULTIPLEX from backend

If a buggy backend IMAP server sends "* MULTIPLEX 0" twice, the second
parse call re-entered login_proxy_multiplex_input_start() and crashed
on the multiplex_orig_input==NULL assert. Detect the duplicate and
fail the proxy connection with a protocol error instead.

diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c
index 3074a4670d73ee065f2ab6679fa953e5991d485e..02661c612096f861aa1890a7fe3d130723a04c3e 100644 (file)
--- a/src/imap-login/imap-proxy.c
+++ b/src/imap-login/imap-proxy.c
@@ -549,6 +549,13 @@ int imap_proxy_parse_line(struct client *client, const char *line)
                                "MULTIPLEX started without being requested");
                        return -1;
                }
+               if (login_proxy_multiplex_input_started(client->login_proxy)) {
+                       login_proxy_failed(client->login_proxy,
+                               login_proxy_get_event(client->login_proxy),
+                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL,
+                               "MULTIPLEX started twice");
+                       return -1;
+               }
                login_proxy_multiplex_input_start(client->login_proxy);
                /* force caller to refresh istream */
                return 1;