[jackhill/guix/guix.git] / gnu / packages / patches / evolution-data-server-CVE-2020-14928.patch

From ba82be72cfd427b5d72ff21f929b3a6d8529c4df Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 22 Jun 2020 13:40:17 +0200
Subject: [PATCH] I#226 - CVE-2020-14928: Response Injection via STARTTLS in
 SMTP and POP3

Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
---
 src/camel/camel-stream-buffer.c               | 19 +++++++++++++++++++
 src/camel/camel-stream-buffer.h               |  1 +
 src/camel/providers/pop3/camel-pop3-store.c   |  2 ++
 src/camel/providers/pop3/camel-pop3-stream.c  | 11 +++++++++++
 src/camel/providers/pop3/camel-pop3-stream.h  |  1 +
 .../providers/smtp/camel-smtp-transport.c     |  2 ++
 6 files changed, 36 insertions(+)

diff --git a/src/camel/camel-stream-buffer.c b/src/camel/camel-stream-buffer.c
index 3e2e0dd36..a6f605ae5 100644
--- a/src/camel/camel-stream-buffer.c
+++ b/src/camel/camel-stream-buffer.c
@@ -518,3 +518,22 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
 
 	return g_strdup ((gchar *) sbf->priv->linebuf);
 }
+
+/**
+ * camel_stream_buffer_discard_cache:
+ * @sbf: a #CamelStreamBuffer
+ *
+ * Discards any cached data in the @sbf. The next read reads
+ * from the stream.
+ *
+ * Since: 3.38
+ **/
+void
+camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
+{
+	g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
+
+	sbf->priv->ptr = sbf->priv->buf;
+	sbf->priv->end = sbf->priv->buf;
+	sbf->priv->ptr[0] = '\0';
+}
diff --git a/src/camel/camel-stream-buffer.h b/src/camel/camel-stream-buffer.h
index ef92cfd8e..094e9926b 100644
--- a/src/camel/camel-stream-buffer.h
+++ b/src/camel/camel-stream-buffer.h
@@ -93,6 +93,7 @@ gint		camel_stream_buffer_gets	(CamelStreamBuffer *sbf,
 gchar *		camel_stream_buffer_read_line	(CamelStreamBuffer *sbf,
 						 GCancellable *cancellable,
 						 GError **error);
+void		camel_stream_buffer_discard_cache	(CamelStreamBuffer *sbf);
 
 G_END_DECLS
 
diff --git a/src/camel/providers/pop3/camel-pop3-store.c b/src/camel/providers/pop3/camel-pop3-store.c
index 81c370f0a..5c9eb1eaa 100644
--- a/src/camel/providers/pop3/camel-pop3-store.c
+++ b/src/camel/providers/pop3/camel-pop3-store.c
@@ -205,6 +205,8 @@ connect_to_server (CamelService *service,
 
 	if (tls_stream != NULL) {
 		camel_stream_set_base_stream (stream, tls_stream);
+		/* Truncate any left cached input from the insecure part of the session */
+		camel_pop3_stream_discard_cache (pop3_engine->stream);
 		g_object_unref (tls_stream);
 	} else {
 		g_prefix_error (
diff --git a/src/camel/providers/pop3/camel-pop3-stream.c b/src/camel/providers/pop3/camel-pop3-stream.c
index 74bb11e61..c485b9bd6 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.c
+++ b/src/camel/providers/pop3/camel-pop3-stream.c
@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream *is,
 
 	return 1;
 }
+
+void
+camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
+{
+	if (is) {
+		is->ptr = is->end = is->buf;
+		is->lineptr = is->linebuf;
+		is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
+		is->ptr[0] = '\n';
+	}
+}
diff --git a/src/camel/providers/pop3/camel-pop3-stream.h b/src/camel/providers/pop3/camel-pop3-stream.h
index bb6dbb903..128c8c45a 100644
--- a/src/camel/providers/pop3/camel-pop3-stream.h
+++ b/src/camel/providers/pop3/camel-pop3-stream.h
@@ -87,6 +87,7 @@ gint		camel_pop3_stream_getd		(CamelPOP3Stream *is,
 						 guint *len,
 						 GCancellable *cancellable,
 						 GError **error);
+void		camel_pop3_stream_discard_cache	(CamelPOP3Stream *is);
 
 G_END_DECLS
 
diff --git a/src/camel/providers/smtp/camel-smtp-transport.c b/src/camel/providers/smtp/camel-smtp-transport.c
index 035baf367..1fc0f3206 100644
--- a/src/camel/providers/smtp/camel-smtp-transport.c
+++ b/src/camel/providers/smtp/camel-smtp-transport.c
@@ -323,6 +323,8 @@ connect_to_server (CamelService *service,
 
 	if (tls_stream != NULL) {
 		camel_stream_set_base_stream (stream, tls_stream);
+		/* Truncate any left cached input from the insecure part of the session */
+		camel_stream_buffer_discard_cache (transport->istream);
 		g_object_unref (tls_stream);
 	} else {
 		g_prefix_error (
-- 
GitLab
Commit	Line	Data
c35f87bb LLB	1	From ba82be72cfd427b5d72ff21f929b3a6d8529c4df Mon Sep 17 00:00:00 2001
	2	From: Milan Crha <mcrha@redhat.com>
	3	Date: Mon, 22 Jun 2020 13:40:17 +0200
	4	Subject: [PATCH] I#226 - CVE-2020-14928: Response Injection via STARTTLS in
	5	SMTP and POP3
	6
	7	Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
	8	---
	9	src/camel/camel-stream-buffer.c \| 19 +++++++++++++++++++
	10	src/camel/camel-stream-buffer.h \| 1 +
	11	src/camel/providers/pop3/camel-pop3-store.c \| 2 ++
	12	src/camel/providers/pop3/camel-pop3-stream.c \| 11 +++++++++++
	13	src/camel/providers/pop3/camel-pop3-stream.h \| 1 +
	14	.../providers/smtp/camel-smtp-transport.c \| 2 ++
	15	6 files changed, 36 insertions(+)
	16
	17	diff --git a/src/camel/camel-stream-buffer.c b/src/camel/camel-stream-buffer.c
	18	index 3e2e0dd36..a6f605ae5 100644
	19	--- a/src/camel/camel-stream-buffer.c
	20	+++ b/src/camel/camel-stream-buffer.c
	21	@@ -518,3 +518,22 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
	22
	23	return g_strdup ((gchar *) sbf->priv->linebuf);
	24	}
	25	+
	26	+/**
	27	+ * camel_stream_buffer_discard_cache:
	28	+ * @sbf: a #CamelStreamBuffer
	29	+ *
	30	+ * Discards any cached data in the @sbf. The next read reads
	31	+ * from the stream.
	32	+ *
	33	+ * Since: 3.38
	34	+ **/
	35	+void
	36	+camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
	37	+{
	38	+ g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
	39	+
	40	+ sbf->priv->ptr = sbf->priv->buf;
	41	+ sbf->priv->end = sbf->priv->buf;
	42	+ sbf->priv->ptr[0] = '\0';
	43	+}
	44	diff --git a/src/camel/camel-stream-buffer.h b/src/camel/camel-stream-buffer.h
	45	index ef92cfd8e..094e9926b 100644
	46	--- a/src/camel/camel-stream-buffer.h
	47	+++ b/src/camel/camel-stream-buffer.h
	48	@@ -93,6 +93,7 @@ gint camel_stream_buffer_gets (CamelStreamBuffer *sbf,
	49	gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
	50	GCancellable *cancellable,
	51	GError **error);
	52	+void camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf);
	53
	54	G_END_DECLS
	55
	56	diff --git a/src/camel/providers/pop3/camel-pop3-store.c b/src/camel/providers/pop3/camel-pop3-store.c
	57	index 81c370f0a..5c9eb1eaa 100644
	58	--- a/src/camel/providers/pop3/camel-pop3-store.c
	59	+++ b/src/camel/providers/pop3/camel-pop3-store.c
	60	@@ -205,6 +205,8 @@ connect_to_server (CamelService *service,
	61
	62	if (tls_stream != NULL) {
	63	camel_stream_set_base_stream (stream, tls_stream);
	64	+ /* Truncate any left cached input from the insecure part of the session */
65	+ camel_pop3_stream_discard_cache (pop3_engine->stream);
66	g_object_unref (tls_stream);
67	} else {
68	g_prefix_error (
69	diff --git a/src/camel/providers/pop3/camel-pop3-stream.c b/src/camel/providers/pop3/camel-pop3-stream.c
70	index 74bb11e61..c485b9bd6 100644
71	--- a/src/camel/providers/pop3/camel-pop3-stream.c
72	+++ b/src/camel/providers/pop3/camel-pop3-stream.c
73	@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream *is,
74
75	return 1;
76	}
77	+
78	+void
79	+camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
80	+{
81	+ if (is) {
82	+ is->ptr = is->end = is->buf;
83	+ is->lineptr = is->linebuf;
84	+ is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
85	+ is->ptr[0] = '\n';
86	+ }
87	+}
88	diff --git a/src/camel/providers/pop3/camel-pop3-stream.h b/src/camel/providers/pop3/camel-pop3-stream.h
89	index bb6dbb903..128c8c45a 100644
90	--- a/src/camel/providers/pop3/camel-pop3-stream.h
91	+++ b/src/camel/providers/pop3/camel-pop3-stream.h
92	@@ -87,6 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3Stream *is,
93	guint *len,
94	GCancellable *cancellable,
95	GError **error);
96	+void camel_pop3_stream_discard_cache (CamelPOP3Stream *is);
97
98	G_END_DECLS
99
100	diff --git a/src/camel/providers/smtp/camel-smtp-transport.c b/src/camel/providers/smtp/camel-smtp-transport.c
101	index 035baf367..1fc0f3206 100644
102	--- a/src/camel/providers/smtp/camel-smtp-transport.c
103	+++ b/src/camel/providers/smtp/camel-smtp-transport.c
104	@@ -323,6 +323,8 @@ connect_to_server (CamelService *service,
105
106	if (tls_stream != NULL) {
107	camel_stream_set_base_stream (stream, tls_stream);
108	+ /* Truncate any left cached input from the insecure part of the session */
109	+ camel_stream_buffer_discard_cache (transport->istream);
110	g_object_unref (tls_stream);
111	} else {
112	g_prefix_error (
113	--
114	GitLab
115