File CVE-2021-32066.patch of Package ruby2.5.21931

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-32066.patch of Package ruby2.5.21931

From c10cfa6e1dd91eeca668e0bb310b17846fa91413 Mon Sep 17 00:00:00 2001
From: Ali Abdallah <ali.abdallah@suse.com>
Date: Wed, 6 Oct 2021 17:33:49 +0200
Subject: [PATCH 1/3] Backport upstream fix for CVE-2021-32066

Backport upstream commit a21a3b7d23704a01d34bd79d09dc37897e00922a

[PATCH] Fix StartTLS stripping vulnerability

Reported by Alexandr Savca in https://hackerone.com/reports/1178562

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
---
 lib/net/imap.rb            |  8 +++++++-
 test/net/imap/test_imap.rb | 31 +++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/lib/net/imap.rb b/lib/net/imap.rb
index da7d0d555c..eedcb4f5cf 100644
--- a/lib/net/imap.rb
+++ b/lib/net/imap.rb
@@ -1213,12 +1213,14 @@ def get_tagged_response(tag, cmd)
       end
       resp = @tagged_responses.delete(tag)
       case resp.name
+      when /\A(?:OK)\z/ni
+        return resp
       when /\A(?:NO)\z/ni
         raise NoResponseError, resp
       when /\A(?:BAD)\z/ni
         raise BadResponseError, resp
       else
-        return resp
+        raise UnknownResponseError, resp
       end
     end
 
@@ -3714,6 +3716,10 @@ class BadResponseError < ResponseError
     class ByeResponseError < ResponseError
     end
 
+    # Error raised upon an unknown response from the server.
+    class UnknownResponseError < ResponseError
+    end
+
     RESPONSE_ERRORS = Hash.new(ResponseError)
     RESPONSE_ERRORS["NO"] = NoResponseError
     RESPONSE_ERRORS["BAD"] = BadResponseError
diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
index 41f25fe1c7..e43a793cda 100644
--- a/test/net/imap/test_imap.rb
+++ b/test/net/imap/test_imap.rb
@@ -127,6 +127,16 @@ def test_starttls
         imap.disconnect
       end
     end
+
+    def test_starttls_stripping
+      starttls_stripping_test do |port|
+        imap = Net::IMAP.new("localhost", :port => port)
+        assert_raise(Net::IMAP::UnknownResponseError) do
+          imap.starttls(:ca_file => CA_FILE)
+        end
+        imap
+      end
+    end
   end
 
   def test_unexpected_eof
@@ -760,6 +770,27 @@ def starttls_test
     end
   end
 
+  def starttls_stripping_test
+    server = create_tcp_server
+    port = server.addr[1]
+    @threads << Thread.start do
+      sock = server.accept
+      begin
+        sock.print("* OK test server\r\n")
+        sock.gets
+        sock.print("RUBY0001 BUG unhandled command\r\n")
+      ensure
+        sock.close
+        server.close
+      end
+    end
+    begin
+      imap = yield(port)
+    ensure
+      imap.disconnect if imap && !imap.disconnected?
+    end
+  end
+
   def create_tcp_server
     return TCPServer.new(server_addr, 0)
   end
-- 
2.32.0

Places

File CVE-2021-32066.patch of Package ruby2.5.21931

Places