From bc43c0d9468a8d50ba141c8a965f9f07ed0456ff Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 19:20:05 +0200 Subject: libinterimap: Fix response injection vulnerability after STARTTLS. For background see https://gitlab.com/muttmua/mutt/-/issues/248 . --- lib/Net/IMAP/InterIMAP.pm | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/Net') diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm index 906d38b..f0dd2df 100644 --- a/lib/Net/IMAP/InterIMAP.pm +++ b/lib/Net/IMAP/InterIMAP.pm @@ -1654,6 +1654,11 @@ sub _start_ssl($$) { my $ctx = Net::SSLeay::CTX_new() or $self->panic("Failed to create SSL_CTX $!"); my $ssl_options = Net::SSLeay::OP_SINGLE_DH_USE() | Net::SSLeay::OP_SINGLE_ECDH_USE(); + if (defined $self->{_OUTBUF} and $self->{_OUTBUF} ne '') { + $self->warn("Truncating non-empty output buffer (unauthenticated response injection?)"); + undef $self->{_OUTBUF}; + } + $self->{SSL_protocols} //= q{!SSLv2 !SSLv3 !TLSv1 !TLSv1.1}; my ($proto_include, $proto_exclude) = (0, 0); foreach (split /\s+/, $self->{SSL_protocols}) { -- cgit v1.2.3