SECURITY: imap.c, pop3.c: STARTTLS drops state

We need to lose all state after STARTTLS to safeguard from attacks against the clear-text part of the session.
author: Matthias Andree <matthias.andree@gmx.de> 2021-08-26 23:53:14 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2021-08-26 23:53:28 +0200
commit: 3837f0e2e42b43c69b46d240adcbbe3a2c68ce95 (patch)
tree: a83643f757e6e4fe856af188ec2b22e60fde8e21
parent: bb220dc184b0b680ed21e0500766046fa8244987 (diff)
download: fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.tar.gz
fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.tar.bz2
fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.zip
2 files changed, 43 insertions, 35 deletions
diff --git a/imap.c b/imap.c
index 55998ae2..882d4050 100644
--- a/imap.c
+++ b/imap.c
@@ -38,6 +38,16 @@ static int imap_version = IMAP4;
 static flag do_idle = FALSE, has_idle = FALSE;
 static int expunge_period = 1;
 
+static void clear_sessiondata(void) {
+	/* must match defaults above */
+	preauth = FALSE;
+	memset(capabilities, 0, sizeof(capabilities));
+	imap_version = IMAP4;
+	do_idle = FALSE;
+	has_idle = FALSE;
+	expunge_period = 1;
+}
+
 /* the next ones need to be kept in synch - C89 does not consider strlen() 
  * a const initializer */
 const char *const capa_begin = " [CAPABILITY "; const unsigned capa_len = 13;
@@ -455,6 +465,8 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
     int ok = 0;
     char *commonname, *cp;
 
+    clear_sessiondata();
+
     /*
      * Assumption: expunges are cheap, so we want to do them
      * after every message unless user said otherwise.
@@ -518,8 +530,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 		 * Now that we're confident in our TLS connection we can
 		 * guarantee a secure capability re-probe.
 		 */
+		clear_sessiondata();
 		if ((ok = capa_probe(sock, ctl)))
+		{
 		    return ok;
+		}
 	    } else if (must_starttls(ctl)) {
 		/* Config required TLS but we couldn't guarantee it, so we must
 		 * stop. */
diff --git a/pop3.c b/pop3.c
index 4dfbd3b1..bdf2d38d 100644
--- a/pop3.c
+++ b/pop3.c
@@ -43,23 +43,29 @@ static char lastok[POPBUFSIZE+1];
 #endif /* OPIE_ENABLE */
 
 /* session variables initialized in capa_probe() or pop3_getauth() */
-flag done_capa = FALSE;
-#if defined(GSSAPI)
-flag has_gssapi = FALSE;
-#endif /* defined(GSSAPI) */
-#if defined(KERBEROS_V4) || defined(KERBEROS_V5)
-flag has_kerberos = FALSE;
-#endif /* defined(KERBEROS_V4) || defined(KERBEROS_V5) */
+/* some of these will not be accessed depending on fetchmail's
+ * compile-time configuration */
+static flag done_capa = FALSE;
+static flag has_gssapi = FALSE;
+static flag has_kerberos = FALSE;
 static flag has_cram = FALSE;
-#ifdef OPIE_ENABLE
-flag has_otp = FALSE;
-#endif /* OPIE_ENABLE */
-#ifdef NTLM_ENABLE
-flag has_ntlm = FALSE;
-#endif /* NTLM_ENABLE */
-#ifdef SSL_ENABLE
+static flag has_otp = FALSE;
+static flag has_ntlm = FALSE;
 static flag has_stls = FALSE;
-#endif /* SSL_ENABLE */
+
+static void clear_sessiondata(void) {
+    /* must match defaults above */
+#ifdef OPIE_ENABLE
+    memset(lastok, 0, sizeof(lastok));
+#endif
+    done_capa = FALSE;
+    has_gssapi = FALSE;
+    has_kerberos = FALSE;
+    has_cram = FALSE;
+    has_otp = FALSE;
+    has_ntlm = FALSE;
+    has_stls = FALSE;
+}
 
 /* mailbox variables initialized in pop3_getrange() */
 static int last;
@@ -131,7 +137,7 @@ static int pop3_ok (int sock, char *argbuf)
 	if (strcmp(buf,"+OK") == 0)
 	{
 #ifdef OPIE_ENABLE
-	    strcpy(lastok, bufp);
+	    strlcpy(lastok, bufp, sizeof(lastok));
 #endif /* OPIE_ENABLE */
 	    ok = 0;
 	}
@@ -289,20 +295,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
     char *commonname;
 #endif /* SSL_ENABLE */
 
-    done_capa = FALSE;
-#if defined(GSSAPI)
-    has_gssapi = FALSE;
-#endif /* defined(GSSAPI) */
-#if defined(KERBEROS_V4) || defined(KERBEROS_V5)
-    has_kerberos = FALSE;
-#endif /* defined(KERBEROS_V4) || defined(KERBEROS_V5) */
-    has_cram = FALSE;
-#ifdef OPIE_ENABLE
-    has_otp = FALSE;
-#endif /* OPIE_ENABLE */
-#ifdef SSL_ENABLE
-    has_stls = FALSE;
-#endif /* SSL_ENABLE */
+    clear_sessiondata();
 
     /* Set this up before authentication quits early. */
     set_peek_capable(ctl);
@@ -437,15 +430,15 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 		    * guarantee a secure capability re-probe.
 		    */
 		   set_timeout(0);
-		   done_capa = FALSE;
-		   ok = capa_probe(sock);
-		   if (ok != PS_SUCCESS) {
-		       return ok;
-		   }
 		   if (outlevel >= O_VERBOSE)
 		   {
 		       report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
 		   }
+		   clear_sessiondata();
+		   ok = capa_probe(sock);
+		   if (ok != PS_SUCCESS) {
+		       return ok;
+		   }
 	       } else if (must_starttls(ctl)) {
 		   /* Config required TLS but we couldn't guarantee it, so we must
 		    * stop. */
author	Matthias Andree <matthias.andree@gmx.de>	2021-08-26 23:53:14 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2021-08-26 23:53:28 +0200
commit	3837f0e2e42b43c69b46d240adcbbe3a2c68ce95 (patch)
tree	a83643f757e6e4fe856af188ec2b22e60fde8e21
parent	bb220dc184b0b680ed21e0500766046fa8244987 (diff)
download	fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.tar.gz fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.tar.bz2 fetchmail-3837f0e2e42b43c69b46d240adcbbe3a2c68ce95.zip