mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
8ef147c436
If a server pipelines future responses within the STARTTLS response, the former are preserved in the pingpong cache across TLS negotiation and used as responses to the encrypted commands. This fix detects pipelined STARTTLS responses and rejects them with an error. CVE-2021-22947 Bug: https://curl.se/docs/CVE-2021-22947.html
58 lines
759 B
Plaintext
58 lines
759 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
POP3
|
|
STARTTLS
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<servercmd>
|
|
CAPA STLS USER
|
|
REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
|
|
REPLY PASS -ERR Authentication credentials invalid
|
|
</servercmd>
|
|
<data nocheck="yes">
|
|
From: me@somewhere
|
|
To: fake@nowhere
|
|
|
|
body
|
|
|
|
--
|
|
yours sincerely
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<features>
|
|
SSL
|
|
</features>
|
|
<server>
|
|
pop3
|
|
</server>
|
|
<name>
|
|
POP3 STARTTLS pipelined server response
|
|
</name>
|
|
<command>
|
|
pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
|
|
</command>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
# 8 is CURLE_WEIRD_SERVER_REPLY
|
|
<errorcode>
|
|
8
|
|
</errorcode>
|
|
<protocol>
|
|
CAPA
|
|
STLS
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|