Hi,
Why didn’t you apply this patch to v2.3.5.1?
commit df8addd41d87e61113de22a21a0e61506a8d74c2
Author: Stephan Bosch
Date: Tue Mar 12 03:18:33 2019 +0100
submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication.
diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c
index 8b5422f833..6b70701a1a 100644
--- a/src/submission-login/client-authenticate.c
+++ b/src/submission-login/client-authenticate.c
@@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client,
container_of(client, struct submission_client, common);
struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;
+ if (subm_client->conn == NULL)
+ return;
+
subm_client->pending_auth = NULL;
i_assert(cmd != NULL);
diff --git a/src/submission-login/client.c b/src/submission-login/client.c
index 3e45e556c7..212afb92cf 100644
--- a/src/submission-login/client.c
+++ b/src/submission-login/client.c
@@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, const char *reason)
{
struct submission_client *client = context;
+ client->pending_auth = NULL;
+ client->pending_starttls = NULL;
client_disconnect(&client->common, reason);
}
On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot wrote:
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
---
Aki Tuomi
Open-Xchange oy