Package: dovecot / 1:2.2.13-12~deb8u4

cve-2015-3420.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Description: Fix SSL/TLS handshake failures leading to a crash of the login process (CVE-2015-3420)
Author: Timo Sirainen <tss@iki.fi>
Status: cherry-picked from upstream, http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
Bug-Debian: https://bugs.debian.org/783649

diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Sat Apr 25 12:16:07 2015 +0300
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Apr 28 11:27:04 2015 +0200
@@ -80,6 +80,7 @@
 	unsigned int cert_broken:1;
 	unsigned int client_proxy:1;
 	unsigned int flushing:1;
+	unsigned int failed:1;
 };
 
 struct ssl_parameters {
@@ -131,6 +132,12 @@
 static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
 #endif
 
+static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
+{
+	proxy->failed = TRUE;
+	ssl_proxy_destroy(proxy);
+}
+
 static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
 {
 	unsigned int i, g, h = 0;
@@ -462,7 +469,7 @@
 
 	if (errstr != NULL) {
 		proxy->last_error = i_strdup(errstr);
-		ssl_proxy_destroy(proxy);
+		ssl_proxy_destroy_failed(proxy);
 	}
 	ssl_proxy_unref(proxy);
 }
@@ -492,7 +499,7 @@
 
 	if (proxy->handshake_callback != NULL) {
 		if (proxy->handshake_callback(proxy->handshake_context) < 0)
-			ssl_proxy_destroy(proxy);
+			ssl_proxy_destroy_failed(proxy);
 	}
 }
 
@@ -822,7 +829,8 @@
 	if (proxy->destroyed || proxy->flushing)
 		return;
 	proxy->flushing = TRUE;
-	ssl_proxy_flush(proxy);
+	if (!proxy->failed && proxy->handshaked)
+		ssl_proxy_flush(proxy);
 	proxy->destroyed = TRUE;
 
 	ssl_proxy_count--;