2007-04-18 [paul] 2.9.0cvs8
authorPaul Mangan <paul@claws-mail.org>
Wed, 18 Apr 2007 08:31:48 +0000 (08:31 +0000)
committerPaul Mangan <paul@claws-mail.org>
Wed, 18 Apr 2007 08:31:48 +0000 (08:31 +0000)
* src/pop.c
fix for CVE-2007-1558 (APOP)
Thanks to Colin

ChangeLog
PATCHSETS
configure.ac
src/pop.c

index 0d1489e4d7b452f8f056066ebd513b5fe32b0f9e..a774b239ae9bf68f19ef5f06a38ba7401d723fa6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2007-04-18 [paul]      2.9.0cvs8
+
+       * src/pop.c
+               fix for CVE-2007-1558 (APOP)
+               Thanks to Colin
+
 2007-04-18 [paul]      2.9.0cvs7
 
        * src/messageview.c
index 17f1566bf363cae46e87203a6b0534a399007cb2..9ddd9280c89aea8b8a2b7dd36da43daab833d8db 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.9.2.14 -r 1.9.2.15 src/addressadd.c;  cvs diff -u -r 1.60.2.85 -r 1.60.2.86 src/addressbook.c;  cvs diff -u -r 1.28.2.26 -r 1.28.2.27 src/addrindex.c;  cvs diff -u -r 1.1.2.2 -r 1.1.2.3 src/ldapupdate.c;  ) > 2.9.0cvs5.patchset
 ( cvs diff -u -r 1.5.2.44 -r 1.5.2.45 src/gtk/pluginwindow.c;  ) > 2.9.0cvs6.patchset
 ( cvs diff -u -r 1.94.2.131 -r 1.94.2.132 src/messageview.c;  cvs diff -u -r 1.83.2.104 -r 1.83.2.105 src/mimeview.c;  cvs diff -u -r 1.395.2.295 -r 1.395.2.296 src/summaryview.c;  cvs diff -u -r 1.2.2.32 -r 1.2.2.33 src/gtk/filesel.c;  ) > 2.9.0cvs7.patchset
+( cvs diff -u -r 1.56.2.50 -r 1.56.2.51 src/pop.c;  ) > 2.9.0cvs8.patchset
index 15b075b8506ebbb28761add5f0338364b7df37de..f7f97b8cdea00ee86033e4987e21c46d72944dc7 100644 (file)
@@ -11,7 +11,7 @@ MINOR_VERSION=9
 MICRO_VERSION=0
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=7
+EXTRA_VERSION=8
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
index 5ce354defa7a386c9f5e9ecad738643e53aa5d11..da84d5e6baaf270d1124ffa923818e0019802f5e 100644 (file)
--- a/src/pop.c
+++ b/src/pop.c
@@ -158,9 +158,14 @@ static gint pop3_getauth_apop_send(Pop3Session *session)
                session->error_val = PS_PROTOCOL;
                return -1;
        }
-
        *(end + 1) = '\0';
 
+       if (!is_ascii_str(start)) {
+               log_error(LOG_PROTOCOL, _("Timestamp syntax error in greeting (not ascii)\n"));
+               session->error_val = PS_PROTOCOL;
+               return -1;
+       }
+
        apop_str = g_strconcat(start, session->pass, NULL);
        md5_hex_digest(md5sum, apop_str);
        g_free(apop_str);
@@ -935,41 +940,41 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg)
                pop3_greeting_recv(pop3_session, body);
 #if USE_OPENSSL
                if (pop3_session->ac_prefs->ssl_pop == SSL_STARTTLS)
-                       pop3_stls_send(pop3_session);
+                       val = pop3_stls_send(pop3_session);
                else
 #endif
                if (pop3_session->ac_prefs->use_apop_auth)
-                       pop3_getauth_apop_send(pop3_session);
+                       val = pop3_getauth_apop_send(pop3_session);
                else
-                       pop3_getauth_user_send(pop3_session);
+                       val = pop3_getauth_user_send(pop3_session);
                break;
 #if USE_OPENSSL
        case POP3_STLS:
                if (pop3_stls_recv(pop3_session) != PS_SUCCESS)
                        return -1;
                if (pop3_session->ac_prefs->use_apop_auth)
-                       pop3_getauth_apop_send(pop3_session);
+                       val = pop3_getauth_apop_send(pop3_session);
                else
-                       pop3_getauth_user_send(pop3_session);
+                       val = pop3_getauth_user_send(pop3_session);
                break;
 #endif
        case POP3_GETAUTH_USER:
-               pop3_getauth_pass_send(pop3_session);
+               val = pop3_getauth_pass_send(pop3_session);
                break;
        case POP3_GETAUTH_PASS:
        case POP3_GETAUTH_APOP:
                if (!pop3_session->pop_before_smtp)
-                       pop3_getrange_stat_send(pop3_session);
+                       val = pop3_getrange_stat_send(pop3_session);
                else
-                       pop3_logout_send(pop3_session);
+                       val = pop3_logout_send(pop3_session);
                break;
        case POP3_GETRANGE_STAT:
                if (pop3_getrange_stat_recv(pop3_session, body) < 0)
                        return -1;
                if (pop3_session->count > 0)
-                       pop3_getrange_uidl_send(pop3_session);
+                       val = pop3_getrange_uidl_send(pop3_session);
                else
-                       pop3_logout_send(pop3_session);
+                       val = pop3_logout_send(pop3_session);
                break;
        case POP3_GETRANGE_LAST:
                if (val == PS_NOTSUPPORTED)
@@ -977,14 +982,14 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg)
                else if (pop3_getrange_last_recv(pop3_session, body) < 0)
                        return -1;
                if (pop3_session->cur_msg > 0)
-                       pop3_getsize_list_send(pop3_session);
+                       val = pop3_getsize_list_send(pop3_session);
                else
-                       pop3_logout_send(pop3_session);
+                       val = pop3_logout_send(pop3_session);
                break;
        case POP3_GETRANGE_UIDL:
                if (val == PS_NOTSUPPORTED) {
                        pop3_session->error_val = PS_SUCCESS;
-                       pop3_getrange_last_send(pop3_session);
+                       val = pop3_getrange_last_send(pop3_session);
                } else {
                        pop3_session->state = POP3_GETRANGE_UIDL_RECV;
                        session_recv_data(session, 0, ".\r\n");
@@ -1009,7 +1014,7 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg)
        case POP3_DELETE:
                pop3_delete_recv(pop3_session);
                if (pop3_session->cur_msg == pop3_session->count)
-                       pop3_logout_send(pop3_session);
+                       val = pop3_logout_send(pop3_session);
                else {
                        pop3_session->cur_msg++;
                        if (pop3_lookup_next(pop3_session) == POP3_ERROR)
@@ -1025,7 +1030,7 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg)
                return -1;
        }
 
-       return 0;
+       return val == PS_SUCCESS?0:-1;
 }
 
 static gint pop3_session_recv_data_finished(Session *session, guchar *data,