mirror of
https://github.com/curl/curl.git
synced 2024-12-27 06:59:43 +08:00
8ef147c436
If a server pipelines future responses within the STARTTLS response, the former are preserved in the pingpong cache across TLS negotiation and used as responses to the encrypted commands. This fix detects pipelined STARTTLS responses and rejects them with an error. CVE-2021-22947 Bug: https://curl.se/docs/CVE-2021-22947.html
60 lines
1.0 KiB
Plaintext
60 lines
1.0 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
IMAP
|
|
STARTTLS
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<servercmd>
|
|
CAPA STARTTLS
|
|
REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
|
|
REPLY LOGIN A003 BAD Authentication credentials invalid
|
|
</servercmd>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<features>
|
|
SSL
|
|
</features>
|
|
<server>
|
|
imap
|
|
</server>
|
|
<name>
|
|
IMAP STARTTLS pipelined server response
|
|
</name>
|
|
<command>
|
|
imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
|
|
</command>
|
|
<file name="log/upload%TESTNUMBER">
|
|
Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
|
|
From: Fred Foobar <foobar@example.COM>
|
|
Subject: afternoon meeting
|
|
To: joe@example.com
|
|
Message-Id: <B27397-0100000@example.COM>
|
|
MIME-Version: 1.0
|
|
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
|
|
|
|
Hello Joe, do you think we can meet at 3:30 tomorrow?
|
|
</file>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
# 8 is CURLE_WEIRD_SERVER_REPLY
|
|
<errorcode>
|
|
8
|
|
</errorcode>
|
|
<protocol>
|
|
A001 CAPABILITY
|
|
A002 STARTTLS
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|