Commit b5c06cd7 authored by Brendan Cully's avatar Brendan Cully

Validate msgid in APOP authentication. Closes #2846

parent 19ed9358
......@@ -183,6 +183,13 @@ static pop_auth_res_t pop_auth_apop (POP_DATA *pop_data, const char *method)
if (!pop_data->timestamp)
return POP_A_UNAVAIL;
if (rfc822_valid_msgid (pop_data->timestamp) < 0)
{
mutt_error _("POP timestamp is invalid!");
mutt_sleep (2);
return POP_A_UNAVAIL;
}
mutt_message _("Authenticating (APOP)...");
/* Compute the authentication hash to send to the server */
......
......@@ -792,6 +792,52 @@ ADDRESS *rfc822_append (ADDRESS **a, ADDRESS *b)
return tmp;
}
/* incomplete. Only used to thwart the APOP MD5 attack (#2846). */
int rfc822_valid_msgid (const char *msgid)
{
/* msg-id = "<" addr-spec ">"
* addr-spec = local-part "@" domain
* local-part = word *("." word)
* word = atom / quoted-string
* atom = 1*<any CHAR except specials, SPACE and CTLs>
* CHAR = ( 0.-127. )
* specials = "(" / ")" / "<" / ">" / "@"
/ "," / ";" / ":" / "\" / <">
/ "." / "[" / "]"
* SPACE = ( 32. )
* CTLS = ( 0.-31., 127.)
* quoted-string = <"> *(qtext/quoted-pair) <">
* qtext = <any CHAR except <">, "\" and CR>
* CR = ( 13. )
* quoted-pair = "\" CHAR
* domain = sub-domain *("." sub-domain)
* sub-domain = domain-ref / domain-literal
* domain-ref = atom
* domain-literal = "[" *(dtext / quoted-pair) "]"
*/
char* dom;
unsigned int l, i;
if (!msgid || !*msgid)
return -1;
l = mutt_strlen (msgid);
if (l < 5) /* <atom@atom> */
return -1;
if (msgid[0] != '<' || msgid[l-1] != '>')
return -1;
if (!(dom = strrchr (msgid, '@')))
return -1;
/* TODO: complete parser */
for (i = 0; i < l; i++)
if ((unsigned char)msgid[i] > 127)
return -1;
return 0;
}
#ifdef TESTING
int safe_free (void **p) /* __SAFE_FREE_CHECKED__ */
{
......
......@@ -52,6 +52,7 @@ int rfc822_write_address (char *, size_t, ADDRESS *, int);
void rfc822_write_address_single (char *, size_t, ADDRESS *, int);
void rfc822_free_address (ADDRESS **addr);
void rfc822_cat (char *, size_t, const char *, const char *);
int rfc822_valid_msgid (const char *msgid);
extern int RFC822Error;
extern const char *RFC822Errors[];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment