rpms / dovecot

Clone
Source Code
GIT

Blame SOURCES/dovecot-2.2.36-cve_2019_3814part2of3.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   c9ace8a025a7e9164e9f68268f2eb058ff9b8256
  2.   SOURCES
  3.   dovecot-2.2.36-cve_2019_3814part2of3.patch
Blob History Raw
c9ace8 
From 7525fece60f01b52deb13df3620976ee1d616837 Mon Sep 17 00:00:00 2001
c9ace8 
From: Aki Tuomi <aki.tuomi@open-xchange.com>
c9ace8 
Date: Mon, 21 Jan 2019 10:54:06 +0200
c9ace8 
Subject: [PATCH] auth: Fail authentication if certificate username was
c9ace8 
 unexpectedly missing
c9ace8
c9ace8 
---
c9ace8 
 src/auth/auth-request-handler.c | 8 ++++++++
c9ace8 
 1 file changed, 8 insertions(+)
c9ace8
c9ace8 
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
c9ace8 
index 617dc1883d..3044e94f91 100644
c9ace8 
--- a/src/auth/auth-request-handler.c
c9ace8 
+++ b/src/auth/auth-request-handler.c
c9ace8 
@@ -560,6 +560,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
c9ace8 
 		return TRUE;
c9ace8 
 	}
c9ace8
c9ace8 
+	if (request->set->ssl_require_client_cert &&
c9ace8 
+	    request->set->ssl_username_from_cert &&
c9ace8 
+	    !request->cert_username) {
c9ace8 
+		 auth_request_handler_auth_fail(handler, request,
c9ace8 
+			"SSL certificate didn't contain username");
c9ace8 
+		return TRUE;
c9ace8 
+	}
c9ace8 
+
c9ace8 
 	/* Empty initial response is a "=" base64 string. Completely empty
c9ace8 
 	   string shouldn't really be sent, but at least Exim does it,
c9ace8 
 	   so just allow it for backwards compatibility.. */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation