From bfb4ba6e6e742d3ca1a23697228fdddc957819a6 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sat, 20 Jun 2020 06:35:35 -0700
Subject: [PATCH] Don't check IMAP PREAUTH encryption if $tunnel is in use.
$tunnel is used to create an external encrypted connection. The default of $ssl_starttls is yes, meaning those kinds of connections will be broken by the CVE-2020-14093 fix.
---
imap/imap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/imap/imap.c b/imap/imap.c
index 17d1411..a41ed46 100644
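--- a/imap/imap.c
+++ b/imap/imap.c
@@ -495,8 +495,8 @@ int imap_open_connection (IMAP_DATA* idata)
 {
 #if defined(USE_SSL)
 /* An unencrypted PREAUTH response is most likely a MITM attack.
- * Require a confirmation. */
- if (!idata->conn->ssf)
+ * Require a confirmation unless using $tunnel. */
+ if (!idata->conn->ssf && !Tunnel)
 {
 if (option(OPTSSLFORCETLS) ||
 (query_quadoption (OPT_SSLSTARTTLS,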
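Review bot: The new condition `!idata->conn->ssf && !Tunnel` skips the PREAUTH confirmation for any configured $tunnel, so the MITM check now rests entirely on the tunnel command providing encryption and server authentication, which the code does not verify. The comment should state that assumption, for example `* $tunnel is trusted to encrypt and authenticate the link itself; a plaintext tunnel command gets no PREAUTH check.`, and the $tunnel documentation would ideally say the same. `Tunnel` is also tested only for being non-NULL and is a global rather than a property of `idata->conn`; if an empty string or a connection that did not go through the tunnel can reach this line, `!(Tunnel && *Tunnel)` or a per-connection flag would be safer, though that cannot be confirmed from this hunk. imap_open_connection continues outside the hunk.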
--
2.23.0