diff options
| author | hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> | 2007-04-19 04:29:41 +0000 |
|---|---|---|
| committer | hiro <hiro@ee746299-78ed-0310-b773-934348b2243d> | 2007-04-19 04:29:41 +0000 |
| commit | 66d054675b8d540f7460cdde7c3364c2af517823 (patch) | |
| tree | df72b42514b92847a66c7b4a1e10683ca49b0741 | |
| parent | 6e63f1be265a5173c59d169e5c18719d8055ae3f (diff) | |
check for invalid APOP timestamp (CVE-2007-1558).
git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@1656 ee746299-78ed-0310-b773-934348b2243d
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | ChangeLog.ja | 7 | ||||
| -rw-r--r-- | libsylph/pop.c | 58 |
3 files changed, 48 insertions, 24 deletions
@@ -1,5 +1,12 @@ 2007-04-19 + * libsylph/pop.c: + pop3_getauth_apop_send() + pop3_session_recv_msg(): check for invalid APOP timestamp + (CVE-2007-1558), and check for the functions' return value. + +2007-04-19 + * src/mainwindow.c: toolbar_customize() src/compose.c: toolbar_customize(): write config file after toolbar customization. diff --git a/ChangeLog.ja b/ChangeLog.ja index a5f2a98b..82a131ca 100644 --- a/ChangeLog.ja +++ b/ChangeLog.ja @@ -1,5 +1,12 @@ 2007-04-19 + * libsylph/pop.c: + pop3_getauth_apop_send() + pop3_session_recv_msg(): 不正な APOP タイムスタンプをチェックする + ようにし(CVE-2007-1558)、関数の戻り値をチェックするようにした。 + +2007-04-19 + * src/mainwindow.c: toolbar_customize() src/compose.c: toolbar_customize(): ツールバーのカスタマイズの後 設定ファイルを書き出すようにした。 diff --git a/libsylph/pop.c b/libsylph/pop.c index 0ede3e71..195c0ed3 100644 --- a/libsylph/pop.c +++ b/libsylph/pop.c @@ -166,6 +166,12 @@ static gint pop3_getauth_apop_send(Pop3Session *session) *(end + 1) = '\0'; + if (!is_ascii_str(start) || strchr(start, '@') == NULL) { + log_warning(_("Invalid timestamp in greeting\n")); + session->error_val = PS_PROTOCOL; + return -1; + } + apop_str = g_strconcat(start, session->pass, NULL); md5 = s_gnet_md5_new((guchar *)apop_str, strlen(apop_str)); md5sum = s_gnet_md5_get_string(md5); @@ -707,7 +713,7 @@ static Pop3ErrorValue pop3_ok(Pop3Session *session, const gchar *msg) static gint pop3_session_recv_msg(Session *session, const gchar *msg) { Pop3Session *pop3_session = POP3_SESSION(session); - Pop3ErrorValue val = PS_SUCCESS; + gint val = PS_SUCCESS; const gchar *body; body = msg; @@ -732,76 +738,77 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg) switch (pop3_session->state) { case POP3_READY: case POP3_GREETING: - pop3_greeting_recv(pop3_session, body); + val = pop3_greeting_recv(pop3_session, body); #if USE_SSL if (pop3_session->ac_prefs->ssl_pop == SSL_STARTTLS) - pop3_stls_send(pop3_session); + val = pop3_stls_send(pop3_session); else #endif if (pop3_session->ac_prefs->use_apop_auth) - pop3_getauth_apop_send(pop3_session); + val = pop3_getauth_apop_send(pop3_session); else - pop3_getauth_user_send(pop3_session); + val = pop3_getauth_user_send(pop3_session); break; #if USE_SSL case POP3_STLS: - if (pop3_stls_recv(pop3_session) != PS_SUCCESS) + if ((val = pop3_stls_recv(pop3_session)) != PS_SUCCESS) return -1; if (pop3_session->ac_prefs->use_apop_auth) - pop3_getauth_apop_send(pop3_session); + val = pop3_getauth_apop_send(pop3_session); else - pop3_getauth_user_send(pop3_session); + val = pop3_getauth_user_send(pop3_session); break; #endif case POP3_GETAUTH_USER: - pop3_getauth_pass_send(pop3_session); + val = pop3_getauth_pass_send(pop3_session); break; case POP3_GETAUTH_PASS: case POP3_GETAUTH_APOP: if (pop3_session->auth_only) - pop3_logout_send(pop3_session); + val = pop3_logout_send(pop3_session); else - pop3_getrange_stat_send(pop3_session); + val = pop3_getrange_stat_send(pop3_session); break; case POP3_GETRANGE_STAT: - if (pop3_getrange_stat_recv(pop3_session, body) < 0) + if ((val = pop3_getrange_stat_recv(pop3_session, body)) < 0) return -1; if (pop3_session->count > 0) - pop3_getrange_uidl_send(pop3_session); + val = pop3_getrange_uidl_send(pop3_session); else - pop3_logout_send(pop3_session); + val = pop3_logout_send(pop3_session); break; case POP3_GETRANGE_LAST: if (val == PS_NOTSUPPORTED) pop3_session->error_val = PS_SUCCESS; - else if (pop3_getrange_last_recv(pop3_session, body) < 0) + else if ((val = pop3_getrange_last_recv + (pop3_session, body)) < 0) return -1; if (pop3_session->cur_msg > 0) - pop3_getsize_list_send(pop3_session); + val = pop3_getsize_list_send(pop3_session); else - pop3_logout_send(pop3_session); + val = pop3_logout_send(pop3_session); break; case POP3_GETRANGE_UIDL: if (val == PS_NOTSUPPORTED) { pop3_session->error_val = PS_SUCCESS; - pop3_getrange_last_send(pop3_session); + val = pop3_getrange_last_send(pop3_session); } else { pop3_session->state = POP3_GETRANGE_UIDL_RECV; - session_recv_data(session, 0, ".\r\n"); + val = session_recv_data(session, 0, ".\r\n"); } break; case POP3_GETSIZE_LIST: pop3_session->state = POP3_GETSIZE_LIST_RECV; - session_recv_data(session, 0, ".\r\n"); + val = session_recv_data(session, 0, ".\r\n"); break; case POP3_RETR: pop3_session->state = POP3_RETR_RECV; - session_recv_data_as_file(session, 0, ".\r\n"); + val = session_recv_data_as_file(session, 0, ".\r\n"); break; case POP3_DELETE: - pop3_delete_recv(pop3_session); + val = pop3_delete_recv(pop3_session); if (pop3_session->cur_msg == pop3_session->count) - pop3_logout_send(pop3_session); + val = pop3_logout_send(pop3_session); else { pop3_session->cur_msg++; if (pop3_lookup_next(pop3_session) == POP3_ERROR) @@ -817,7 +824,10 @@ static gint pop3_session_recv_msg(Session *session, const gchar *msg) return -1; } - return 0; + if (val == PS_SUCCESS) + return 0; + else + return -1; } static gint pop3_session_recv_data_finished(Session *session, guchar *data, |