blob: 427d57b2b8ee6d6f7987736674dedc6e437f0e14 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
# Test IMAP MiTM via PREAUTH greeting
# For background see CVE-2020-12398, CVE-2020-14093 and
# https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
env -i USER="remote" HOME="$HOME_remote" "$TESTDIR/imapd" & PID=$!
trap "ptree_abort $PID" EXIT INT TERM
! interimap --debug || error
grep -Fx 'remote: ERROR: PREAUTH greeting on plaintext connection? MiTM in action? Aborting, set "STARTTLS = NO" to ignore.' <"$STDERR" || error
! grep '^remote: C: ' <"$STDERR" || error "wrote command in MiTM'ed PREAUTH connection!"
# Ignore the warning when STARTTLS is explicitely disabled
echo "STARTTLS = NO" >>"$XDG_CONFIG_HOME/interimap/config"
interimap --debug || true
grep -Fx "remote: S: * STATUS INBOX (UIDNEXT 1 UIDVALIDITY 1 HIGHESTMODSEQ 1)" <"$STDERR" || error
# vim: set filetype=sh :
|
