Blame SOURCES/dovecot-2.3.13-CVE_2020_25275-part3.patch

27f02a
From 0386140f61f9ba62225e90b419215f72bba6ad8b Mon Sep 17 00:00:00 2001
27f02a
From: Timo Sirainen <timo.sirainen@open-xchange.com>
27f02a
Date: Mon, 17 Aug 2020 18:11:36 +0300
27f02a
Subject: [PATCH] imap: Use imap_parser_read_tag() and _read_command_name()
27f02a
27f02a
---
27f02a
 src/imap/imap-client.c | 33 ++++++++++++++++++++++-----------
27f02a
 1 file changed, 22 insertions(+), 11 deletions(-)
27f02a
27f02a
diff --git a/src/imap/imap-client.c b/src/imap/imap-client.c
27f02a
index 0bf03caa97..95e57dbf53 100644
27f02a
--- a/src/imap/imap-client.c
27f02a
+++ b/src/imap/imap-client.c
27f02a
@@ -1182,6 +1182,9 @@ client_command_failed_early(struct client_command_context **_cmd,
27f02a
 {
27f02a
 	struct client_command_context *cmd = *_cmd;
27f02a
 
27f02a
+	/* ignore the rest of this line */
27f02a
+	cmd->client->input_skip_line = TRUE;
27f02a
+
27f02a
 	io_loop_time_refresh();
27f02a
 	command_stats_start(cmd);
27f02a
 	client_send_command_error(cmd, error);
27f02a
@@ -1193,6 +1196,8 @@ static bool client_command_input(struct client_command_context *cmd)
27f02a
 {
27f02a
 	struct client *client = cmd->client;
27f02a
 	struct command *command;
27f02a
+	const char *tag, *name;
27f02a
+	int ret;
27f02a
 
27f02a
         if (cmd->func != NULL) {
27f02a
 		/* command is being executed - continue it */
27f02a
@@ -1207,27 +1212,33 @@ static bool client_command_input(struct client_command_context *cmd)
27f02a
 	}
27f02a
 
27f02a
 	if (cmd->tag == NULL) {
27f02a
-                cmd->tag = imap_parser_read_word(cmd->parser);
27f02a
-		if (cmd->tag == NULL)
27f02a
+		ret = imap_parser_read_tag(cmd->parser, &tag;;
27f02a
+		if (ret == 0)
27f02a
 			return FALSE; /* need more data */
27f02a
-		cmd->tag = p_strdup(cmd->pool, cmd->tag);
27f02a
+		if (ret < 0) {
27f02a
+			client_command_failed_early(&cmd, "Invalid tag.");
27f02a
+			return TRUE;
27f02a
+		}
27f02a
+		cmd->tag = p_strdup(cmd->pool, tag);
27f02a
 	}
27f02a
 
27f02a
 	if (cmd->name == NULL) {
27f02a
-		cmd->name = imap_parser_read_word(cmd->parser);
27f02a
-		if (cmd->name == NULL)
27f02a
+		ret = imap_parser_read_command_name(cmd->parser, &name);
27f02a
+		if (ret == 0)
27f02a
 			return FALSE; /* need more data */
27f02a
+		if (ret < 0) {
27f02a
+			client_command_failed_early(&cmd, "Invalid command name.");
27f02a
+			return TRUE;
27f02a
+		}
27f02a
 
27f02a
 		/* UID commands are a special case. better to handle them
27f02a
 		   here. */
27f02a
-		if (!cmd->uid && strcasecmp(cmd->name, "UID") == 0) {
27f02a
+		if (!cmd->uid && strcasecmp(name, "UID") == 0) {
27f02a
 			cmd->uid = TRUE;
27f02a
-			cmd->name = imap_parser_read_word(cmd->parser);
27f02a
-			if (cmd->name == NULL)
27f02a
-				return FALSE; /* need more data */
27f02a
+			return client_command_input(cmd);
27f02a
 		}
27f02a
-		cmd->name = !cmd->uid ? p_strdup(cmd->pool, cmd->name) :
27f02a
-			p_strconcat(cmd->pool, "UID ", cmd->name, NULL);
27f02a
+		cmd->name = !cmd->uid ? p_strdup(cmd->pool, name) :
27f02a
+			p_strconcat(cmd->pool, "UID ", name, NULL);
27f02a
 		client_command_init_finished(cmd);
27f02a
 		imap_refresh_proctitle();
27f02a
 	}