v2.3.5.1 released

Marcelo Coelho marcelo at tpn.com.br
Thu Mar 28 13:57:34 EET 2019


Hi,

Why didn’t you apply this patch to v2.3.5.1?


commit df8addd41d87e61113de22a21a0e61506a8d74c2
Author: Stephan Bosch <stephan.bosch at dovecot.fi>
Date:   Tue Mar 12 03:18:33 2019 +0100

   submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication.

diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c
index 8b5422f833..6b70701a1a 100644
--- a/src/submission-login/client-authenticate.c
+++ b/src/submission-login/client-authenticate.c
@@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client,
               container_of(client, struct submission_client, common);
       struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;

+       if (subm_client->conn == NULL)
+               return;
+
       subm_client->pending_auth = NULL;
       i_assert(cmd != NULL);

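Review bot: The new `subm_client->conn == NULL` check in submission_client_auth_result() has no comment saying when `conn` can be NULL at this point. Going by the commit subject, it is the client disconnecting while authentication is still pending, and a one-line comment stating that would make the guard self-explanatory. The early return also sits above `subm_client->pending_auth = NULL;`, so on this path the pointer is only cleared if the disconnect handler in client.c already did it. Consider clearing it before the `return` so this function does not depend on the other file for that.
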
diff --git a/src/submission-login/client.c b/src/submission-login/client.c
index 3e45e556c7..212afb92cf 100644
--- a/src/submission-login/client.c
+++ b/src/submission-login/client.c
@@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, const char *reason)
{
       struct submission_client *client = context;

+       client->pending_auth = NULL;
+       client->pending_starttls = NULL;
       client_disconnect(&client->common, reason);
}

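Review bot: In client_connection_disconnect(), `pending_auth` and `pending_starttls` are set to NULL with nothing visible here that releases or completes the command contexts they pointed to. Please confirm who owns those objects after a disconnect and state it in a comment above the two assignments. `pending_starttls` is also cleared although the commit message only mentions authentication, so it is worth saying in the message why it is included, and checking whether the STARTTLS completion path needs a guard like the one added in client-authenticate.c.
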

> On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:
> 
> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
> Binary packages in https://repo.dovecot.org/
> 
>     * CVE-2019-7524: Missing input buffer size validation leads into
>       arbitrary buffer overflow when reading fts or pop3 uidl header
>       from Dovecot index. Exploiting this requires direct write access to
>       the index files.
> 
> ---
> Aki Tuomi
> Open-Xchange oy
> 


