From 3b2939febdeb7f92051f95a3b08cf86e221ce21d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 3 Aug 2020 20:27:38 +0200
Subject: libinterimap: abort on PREAUTH greeting received on plaintext connections Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
---
tests/preauth-plaintext/imapd | 44 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100755 tests/preauth-plaintext/imapd
(limited to 'tests/preauth-plaintext/imapd')
diff --git a/tests/preauth-plaintext/imapd b/tests/preauth-plaintext/imapd
new file mode 100755
index 0000000..8f3ac30
--- /dev/null
+++ b/tests/preauth-plaintext/imapd
@@ -0,0 +1,44 @@
+#!/usr/bin/perl -T
+
+use warnings;
+use strict;
+
+use Errno qw/EINTR/;
+use Socket qw/INADDR_LOOPBACK AF_INET SOCK_STREAM pack_sockaddr_in
+ SOL_SOCKET SO_REUSEADDR SHUT_RDWR/;
+
+socket(my $S, AF_INET, SOCK_STREAM, 0) or die;
+setsockopt($S, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die;
+bind($S, pack_sockaddr_in(10143, INADDR_LOOPBACK)) or die "bind: $!\n";
+listen($S, 1) or die "listen: $!";
+
+while (1) {
+ my $sockaddr = accept(my $conn, $S) or do {
+ next if $! == EINTR;
+ die "accept: $!";
+ };
+
+ # minimum CAPABILITY list, see tests/snippets/dovecot/interimap-required-capabilities.conf
+ $conn->printflush("* PREAUTH [CAPABILITY IMAP4rev1 ENABLE UIDPLUS LIST-EXTENDED QRESYNC LIST-STATUS] IMAP4rev1 Server\r\n");
+ my $x;
+
+ $x = $conn->getline() // next;
+ $x =~ /\A(\S+) ENABLE QRESYNC\r\n/ or die;
+ $conn->printflush("* ENABLED QRESYNC\r\n$1 OK ENABLE completed\r\n");
+
+ $x = $conn->getline() // next;
+ $x =~ /\A(\S+) LIST .*\r\n/ or die;
+ $conn->print("* LIST (\\Noselect) \"~\" \"\"\r\n");
+ $conn->print("* LIST () \"~\" INBOX\r\n");
+ $conn->print("* STATUS INBOX (UIDNEXT 1 UIDVALIDITY 1 HIGHESTMODSEQ 1)\r\n");
+ $conn->printflush("$1 OK LIST completed\r\n");
+
+ close($conn);
+}
+
+END {
+ if (defined $S) {
+ shutdown($S, SHUT_RDWR) or warn "shutdown: $!";
+ close($S) or print STDERR "Can't close: $!\n";
+ }
+}
-- cgit v1.2.3
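Review bot: The four bare `die` calls in this stub server (after `socket`, after `setsockopt`, and after the ENABLE and LIST regex matches) carry no message, so when the PREAUTH-on-cleartext regression test breaks there is nothing in the output to say whether the fixture failed to start or the client sent an unexpected command. I would write `socket(my $S, AF_INET, SOCK_STREAM, 0) or die "socket: $!";` and `$x =~ /\A(\S+) ENABLE QRESYNC\r\n/ or die "unexpected command: $x";`, and likewise for the other two. A short header comment such as `# Stub IMAP server: sends a PREAUTH greeting on a cleartext socket, never offers STARTTLS` would also document what the fixture emulates; the test driver that asserts the client aborts is not visible in this hunk, so I am assuming the scripted ENABLE/LIST replies serve the `STARTTLS = NO` case named in the commit message.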