Commit f404f33f authored by Milan Crha's avatar Milan Crha

I#226 - CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3

Closes #226
parent c05b38e1
......@@ -518,3 +518,22 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
return g_strdup ((gchar *) sbf->priv->linebuf);
}
/**
* camel_stream_buffer_truncate:
* @sbf: a #CamelStreamBuffer
*
* Truncates any cached data in the @sbf. The next read reads
* from the stream.
*
* Since: 3.36.4
**/
void
camel_stream_buffer_truncate (CamelStreamBuffer *sbf)
{
g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
sbf->priv->ptr = sbf->priv->buf;
sbf->priv->end = sbf->priv->buf;
sbf->priv->ptr[0] = '\0';
}
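Review bot: The gtk-doc for camel_stream_buffer_truncate() does not say when a caller must use it, and the body resets only `ptr`/`end` on `buf`, leaving `linebuf` (the buffer camel_stream_buffer_read_line() returns just above) untouched. I would extend the comment with something like `Call this right after replacing the base stream, for example after a STARTTLS upgrade, so that bytes buffered from the old stream are never parsed as part of the new one.` Whether a partial line can survive in `linebuf` across the upgrade is not visible from this hunk. Presumably read_line restarts it on every call, but that is worth confirming and stating in the comment.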
......@@ -93,6 +93,7 @@ gint camel_stream_buffer_gets (CamelStreamBuffer *sbf,
gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
GCancellable *cancellable,
GError **error);
void camel_stream_buffer_truncate (CamelStreamBuffer *sbf);
G_END_DECLS
......
......@@ -205,6 +205,8 @@ connect_to_server (CamelService *service,
if (tls_stream != NULL) {
camel_stream_set_base_stream (stream, tls_stream);
/* Truncate any left cached input from the insecure part of the session */
camel_pop3_stream_truncate (pop3_engine->stream);
g_object_unref (tls_stream);
} else {
g_prefix_error (
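Review bot: The cached plaintext is dropped silently here, so an injection attempt before the TLS handshake leaves no trace for anyone investigating later; the same applies to the camel_stream_buffer_truncate() call in the SMTP connect_to_server() hunk. A well-behaved server sends nothing between its STARTTLS reply and the handshake, so leftover bytes are a signal worth surfacing. I would have the truncate helpers report whether they discarded anything and emit at least a warning at this point, or fail the connection the way the `else` branch does. connect_to_server() starts and ends outside this hunk, so how reads are sequenced before this point is assumed rather than visible.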
......
......@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream *is,
return 1;
}
void
camel_pop3_stream_truncate (CamelPOP3Stream *is)
{
if (is) {
is->ptr = is->end = is->buf;
is->lineptr = is->linebuf;
is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
is->ptr[0] = '\n';
}
}
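Review bot: camel_pop3_stream_truncate() has no doc comment and handles a NULL stream differently from its sibling: `if (is)` silently does nothing, where camel_stream_buffer_truncate() uses `g_return_if_fail`. For a function that enforces the plaintext/TLS boundary I would make the failure visible, e.g. `g_return_if_fail (is != NULL);`. I would also add a comment such as `/* Drop input cached before the TLS upgrade; '\n' is the end-of-buffer sentinel the readers rely on */`, though the sentinel meaning is my reading, since the readers are outside this hunk. It is also worth confirming that resetting `lineend` to `linebuf + CAMEL_POP3_STREAM_LINE_SIZE` still matches the allocation if `linebuf` can be resized elsewhere.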
......@@ -87,6 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3Stream *is,
guint *len,
GCancellable *cancellable,
GError **error);
void camel_pop3_stream_truncate (CamelPOP3Stream *is);
G_END_DECLS
......
......@@ -323,6 +323,8 @@ connect_to_server (CamelService *service,
if (tls_stream != NULL) {
camel_stream_set_base_stream (stream, tls_stream);
/* Truncate any left cached input from the insecure part of the session */
camel_stream_buffer_truncate (transport->istream);
g_object_unref (tls_stream);
} else {
g_prefix_error (
......