aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-08-03 20:27:38 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-08-03 20:50:08 +0200
commit3b2939febdeb7f92051f95a3b08cf86e221ce21d (patch)
tree5af420e5db686b913e2f5126b5d026e5d79e3fa3 /lib
parentbc43c0d9468a8d50ba141c8a965f9f07ed0456ff (diff)
libinterimap: abort on PREAUTH greeting received on plaintext connections
Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
Diffstat (limited to 'lib')
-rw-r--r--lib/Net/IMAP/InterIMAP.pm11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index f0dd2df..b01e1a9 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -464,6 +464,7 @@ sub new($%) {
$self->logger('S: xxx ', $IMAP_text);
$self->{debug} = $dbg;
}
+ $self->{_STATE} = 'AUTH';
unless ($IMAP_text =~ /\A\Q$IMAP_cond\E \[CAPABILITY /) {
# refresh the CAPABILITY list since the previous one had only pre-login capabilities
@@ -471,7 +472,15 @@ sub new($%) {
$self->capabilities();
}
}
- $self->{_STATE} = 'AUTH';
+ elsif ($IMAP_cond eq 'PREAUTH') {
+ if ($self->{type} eq 'imap' and $self->{STARTTLS} != 0) {
+ $self->fail("PREAUTH greeting on plaintext connection? MiTM in action? Aborting, set \"STARTTLS = NO\" to ignore.");
+ }
+ $self->{_STATE} = 'AUTH';
+ }
+ else {
+ $self->panic();
+ }
# Don't send the COMPRESS command before STARTTLS or AUTH, as per RFC 4978
if ($self->{compress} // 1 and