
From 7525fece60f01b52deb13df3620976ee1d616837 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 21 Jan 2019 10:54:06 +0200
Subject: [PATCH] auth: Fail authentication if certificate username was
 unexpectedly missing
---
 src/auth/auth-request-handler.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 617dc1883d..3044e94f91 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -560,6 +560,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 		return TRUE;
 	}
 
+	if (request->set->ssl_require_client_cert &&
+	    request->set->ssl_username_from_cert &&
+	    !request->cert_username) {
+		 auth_request_handler_auth_fail(handler, request,
+			"SSL certificate didn't contain username");
+		return TRUE;
+	}
+
 	/* Empty initial response is a "=" base64 string. Completely empty
 	   string shouldn't really be sent, but at least Exim does it,
 	   so just allow it for backwards compatibility.. */