Hi, Why didn’t you apply this patch to v2.3.5.1? commit df8addd41d87e61113de22a21a0e61506a8d74c2 Author: Stephan Bosch <stephan.bosch@dovecot.fi> Date: Tue Mar 12 03:18:33 2019 +0100 submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication. diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c index 8b5422f833..6b70701a1a 100644 --- a/src/submission-login/client-authenticate.c +++ b/src/submission-login/client-authenticate.c @@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client, container_of(client, struct submission_client, common); struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + if (subm_client->conn == NULL) + return; + subm_client->pending_auth = NULL; i_assert(cmd != NULL); diff --git a/src/submission-login/client.c b/src/submission-login/client.c index 3e45e556c7..212afb92cf 100644 --- a/src/submission-login/client.c +++ b/src/submission-login/client.c @@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, const char *reason) { struct submission_client *client = context; + client->pending_auth = NULL; + client->pending_starttls = NULL; client_disconnect(&client->common, reason); }
On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/
* CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files.
--- Aki Tuomi Open-Xchange oy