diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-08-03 20:27:38 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-08-03 20:50:08 +0200 |
commit | 3b2939febdeb7f92051f95a3b08cf86e221ce21d (patch) | |
tree | 5af420e5db686b913e2f5126b5d026e5d79e3fa3 /lib/Net | |
parent | bc43c0d9468a8d50ba141c8a965f9f07ed0456ff (diff) |
libinterimap: abort on PREAUTH greeting received on plaintext connections
Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and
CVE-2020-14093.
Diffstat (limited to 'lib/Net')
-rw-r--r-- | lib/Net/IMAP/InterIMAP.pm | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm index f0dd2df..b01e1a9 100644 --- a/lib/Net/IMAP/InterIMAP.pm +++ b/lib/Net/IMAP/InterIMAP.pm @@ -464,6 +464,7 @@ sub new($%) { $self->logger('S: xxx ', $IMAP_text); $self->{debug} = $dbg; } + $self->{_STATE} = 'AUTH'; unless ($IMAP_text =~ /\A\Q$IMAP_cond\E \[CAPABILITY /) { # refresh the CAPABILITY list since the previous one had only pre-login capabilities @@ -471,7 +472,15 @@ sub new($%) { $self->capabilities(); } } - $self->{_STATE} = 'AUTH'; + elsif ($IMAP_cond eq 'PREAUTH') { + if ($self->{type} eq 'imap' and $self->{STARTTLS} != 0) { + $self->fail("PREAUTH greeting on plaintext connection? MiTM in action? Aborting, set \"STARTTLS = NO\" to ignore."); + } + $self->{_STATE} = 'AUTH'; + } + else { + $self->panic(); + } # Don't send the COMPRESS command before STARTTLS or AUTH, as per RFC 4978 if ($self->{compress} // 1 and |