rpms / cyrus-imapd

Clone
Source Code
GIT

Blame SOURCES/cyrus-imapd-CVE-2019-18928.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   0f9cf8bca7677519e2ebe2b45378e0447aa4e0d3
  2.   SOURCES
  3.   cyrus-imapd-CVE-2019-18928.patch
Blob History Raw
0f9cf8 
diff --git a/imap/httpd.c b/imap/httpd.c
0f9cf8 
index 5dcf38dc4..d2fdeb945 100644
0f9cf8 
--- a/imap/httpd.c
0f9cf8 
+++ b/imap/httpd.c
0f9cf8 
@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn)
0f9cf8 
         txn->auth_chal.scheme = NULL;
0f9cf8 
     }
0f9cf8
0f9cf8 
+    /* Drop auth credentials, if not a backend in a Murder */
0f9cf8 
+    else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) {
0f9cf8 
+        syslog(LOG_DEBUG, "drop auth creds");
0f9cf8 
+
0f9cf8 
+        free(httpd_userid);
0f9cf8 
+        httpd_userid = NULL;
0f9cf8 
+
0f9cf8 
+        free(httpd_extrafolder);
0f9cf8 
+        httpd_extrafolder = NULL;
0f9cf8 
+
0f9cf8 
+        free(httpd_extradomain);
0f9cf8 
+        httpd_extradomain = NULL;
0f9cf8 
+
0f9cf8 
+        if (httpd_authstate) {
0f9cf8 
+            auth_freestate(httpd_authstate);
0f9cf8 
+            httpd_authstate = NULL;
0f9cf8 
+        }
0f9cf8 
+    }
0f9cf8 
+
0f9cf8 
     /* Perform proxy authorization, if necessary */
0f9cf8 
     else if (saslprops.authid &&
0f9cf8 
              (hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) &&

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation