IMAP: ignore unsolicited LIST and STATUS before we're authenticated (!5) · Merge requests · PIM / Trojitá

Jan Kundrát requested to merge bug-432353 into master Jan 30, 2022

These responses were combined with legit responses which arrive from the real server later on, after having authenticated, and as a result, a malicious active attacker on a network was able to inject extra fake mailboxes to the GUI even when upgrading connection from plaintext to a secure one via STARTTLS.

These two responses are the only ones which are handled by our pre-task code directly in Model.cpp, which means that the state machine has to be checked and messages which are received prior to authentication must be rejected. Since this is really a pretty serious violation of the IMAP state machine, let's not ignore them silently, and simply treat them as any other unexpected response.

BUG: 432353 Change-Id: I9292fcb20215ebe4dbc7a103fc9403dfa97b258b Reported-by: Damian Poddebniak Co-authored-by: Espen Sandøy Hustad espen@ehustad.com

Edited Jan 30, 2022 by Jan Kundrát

IMAP: ignore unsolicited LIST and STATUS before we're authenticated

Merge request reports