From 3b2939febdeb7f92051f95a3b08cf86e221ce21d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Aug 2020 20:27:38 +0200
Subject: libinterimap: abort on PREAUTH greeting received on plaintext
 connections

Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.
---
 lib/Net/IMAP/InterIMAP.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index f0dd2df..b01e1a9 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -464,6 +464,7 @@ sub new($%) {
             $self->logger('S: xxx ', $IMAP_text);
             $self->{debug} = $dbg;
         }
+        $self->{_STATE} = 'AUTH';
 
         unless ($IMAP_text =~ /\A\Q$IMAP_cond\E \[CAPABILITY /) {
             # refresh the CAPABILITY list since the previous one had only pre-login capabilities
@@ -471,7 +472,15 @@ sub new($%) {
             $self->capabilities();
         }
     }
-    $self->{_STATE} = 'AUTH';
+    elsif ($IMAP_cond eq 'PREAUTH') {
+        if ($self->{type} eq 'imap' and $self->{STARTTLS} != 0) {
+            $self->fail("PREAUTH greeting on plaintext connection? MiTM in action? Aborting, set \"STARTTLS = NO\" to ignore.");
+        }
+        $self->{_STATE} = 'AUTH';
+    }
+    else {
+        $self->panic();
+    }
 
     # Don't send the COMPRESS command before STARTTLS or AUTH, as per RFC 4978
     if ($self->{compress} // 1 and
-- 
cgit v1.2.3