libinterimap: Fix response injection vulnerability after STARTTLS.

For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
author: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 19:20:05 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 20:30:46 +0200
commit: bc43c0d9468a8d50ba141c8a965f9f07ed0456ff (patch)
tree: 4b123c259533ffc118ee4325da726fb2eaecfad9 /lib/Net/IMAP
parent: bf4175c4f5fa40c5b6385dd728d4e7732833f64c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index 906d38b..f0dd2df 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -1654,6 +1654,11 @@ sub _start_ssl($$) {
     my $ctx = Net::SSLeay::CTX_new() or $self->panic("Failed to create SSL_CTX $!");
     my $ssl_options = Net::SSLeay::OP_SINGLE_DH_USE() | Net::SSLeay::OP_SINGLE_ECDH_USE();
 
+    if (defined $self->{_OUTBUF} and $self->{_OUTBUF} ne '') {
+        $self->warn("Truncating non-empty output buffer (unauthenticated response injection?)");
+        undef $self->{_OUTBUF};
+    }
+
     $self->{SSL_protocols} //= q{!SSLv2 !SSLv3 !TLSv1 !TLSv1.1};
     my ($proto_include, $proto_exclude) = (0, 0);
     foreach (split /\s+/, $self->{SSL_protocols}) {
author	Guilhem Moulin <guilhem@fripost.org>	2020-08-03 19:20:05 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2020-08-03 20:30:46 +0200
commit	bc43c0d9468a8d50ba141c8a965f9f07ed0456ff (patch)
tree	4b123c259533ffc118ee4325da726fb2eaecfad9 /lib/Net/IMAP
parent	bf4175c4f5fa40c5b6385dd728d4e7732833f64c (diff)