Blame SOURCES/cyrus-imapd-CVE-2019-18928.patch

3a8412
diff --git a/imap/httpd.c b/imap/httpd.c
3a8412
index 5dcf38dc4..d2fdeb945 100644
3a8412
--- a/imap/httpd.c
3a8412
+++ b/imap/httpd.c
3a8412
@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn)
3a8412
         txn->auth_chal.scheme = NULL;
3a8412
     }
3a8412
 
3a8412
+    /* Drop auth credentials, if not a backend in a Murder */
3a8412
+    else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) {
3a8412
+        syslog(LOG_DEBUG, "drop auth creds");
3a8412
+
3a8412
+        free(httpd_userid);
3a8412
+        httpd_userid = NULL;
3a8412
+
3a8412
+        free(httpd_extrafolder);
3a8412
+        httpd_extrafolder = NULL;
3a8412
+
3a8412
+        free(httpd_extradomain);
3a8412
+        httpd_extradomain = NULL;
3a8412
+
3a8412
+        if (httpd_authstate) {
3a8412
+            auth_freestate(httpd_authstate);
3a8412
+            httpd_authstate = NULL;
3a8412
+        }
3a8412
+    }
3a8412
+
3a8412
     /* Perform proxy authorization, if necessary */
3a8412
     else if (saslprops.authid &&
3a8412
              (hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) &&
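Review bot: The per-request reset in the new `else if` branch looks partial: it clears `httpd_userid`, `httpd_extrafolder`, `httpd_extradomain` and `httpd_authstate`, but leaves `saslprops.authid`, which the very next branch tests, holding whatever the earlier request set. If code outside this hunk still reads that field to decide identity it should be cleared here as well; this is inferred, since examine_request starts and ends outside the hunk. The condition also means that a server with both `config_mupdate_server` and the `proxyservers` option set keeps the previous request's credentials on the connection, so that path presumably relies on the peer being a trusted frontend. The comment should state that assumption, e.g. `/* Creds persist across requests only on a Murder backend, where the peer is expected to be a trusted proxy */`. The `syslog(LOG_DEBUG, "drop auth creds")` line also fires when nothing was held, so guarding it with `if (httpd_userid)` would make the log reflect an actual drop.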