From 59e63f429eef84cab8e33c9472c93fffe77f1a29 Mon Sep 17 00:00:00 2001 From: maminjie Date: Thu, 3 Jun 2021 17:21:39 +0800 Subject: [PATCH] backport some patches about imap-bodystructure --- ...MAP-BODYSTRUCTURE-parsing-as-invalid.patch | 26 ++++++++++++++++ ...-for-truncated-multipart-digest-part.patch | 30 +++++++++++++++++++ dovecot.spec | 7 ++++- 3 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 0003-Handle-empty-lists-in-IMAP-BODYSTRUCTURE-parsing-as-invalid.patch create mode 100644 0004-Fix-writing-BODYSTRUCTURE-for-truncated-multipart-digest-part.patch diff --git a/0003-Handle-empty-lists-in-IMAP-BODYSTRUCTURE-parsing-as-invalid.patch b/0003-Handle-empty-lists-in-IMAP-BODYSTRUCTURE-parsing-as-invalid.patch new file mode 100644 index 0000000..eec02a6 --- /dev/null +++ b/0003-Handle-empty-lists-in-IMAP-BODYSTRUCTURE-parsing-as-invalid.patch @@ -0,0 +1,26 @@ +From 269640a83ac140b48aaa191eec13ead5dd60519a Mon Sep 17 00:00:00 2001 +From: maminjie +Date: Thu, 3 Jun 2021 11:24:44 +0800 +Subject: [PATCH] Handle empty lists in IMAP BODYSTRUCTURE parsing as invalid + +reference: https://github.com/dovecot/core/commit/586cca576970cc377a40f995512dbc02981900a3 +--- + src/lib-imap/imap-bodystructure.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/lib-imap/imap-bodystructure.c b/src/lib-imap/imap-bodystructure.c +index b52af28..07bd5a4 100644 +--- a/src/lib-imap/imap-bodystructure.c ++++ b/src/lib-imap/imap-bodystructure.c +@@ -276,6 +276,8 @@ imap_bodystructure_params_parse(const struct imap_arg *arg, + return -1; + if ((list_count % 2) != 0) + return -1; ++ if (list_count == 0) ++ return -1; + + params_count = list_count/2; + params = p_new(pool, struct message_part_param, params_count+1); +-- +2.23.0 + diff --git a/0004-Fix-writing-BODYSTRUCTURE-for-truncated-multipart-digest-part.patch b/0004-Fix-writing-BODYSTRUCTURE-for-truncated-multipart-digest-part.patch new file mode 100644 index 0000000..4e00675 --- /dev/null +++ b/0004-Fix-writing-BODYSTRUCTURE-for-truncated-multipart-digest-part.patch @@ -0,0 +1,30 @@ +From 7039d1c3bc054142eb4034b88df150fda1eb75e4 Mon Sep 17 00:00:00 2001 +From: maminjie +Date: Thu, 3 Jun 2021 16:48:55 +0800 +Subject: [PATCH] Fix writing BODYSTRUCTURE for truncated multipart/digest part + +reference: +https://github.com/dovecot/core/commit/84cde48e5859b1d20f2fd98b57b7410b4d3727fa +https://github.com/dovecot/core/commit/0f66865e0e3dae3e902abd8bb559d7706dbff437 +--- + src/lib-imap/imap-bodystructure.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/lib-imap/imap-bodystructure.c b/src/lib-imap/imap-bodystructure.c +index 07bd5a4..81ce529 100644 +--- a/src/lib-imap/imap-bodystructure.c ++++ b/src/lib-imap/imap-bodystructure.c +@@ -164,6 +164,10 @@ static void part_write_body(const struct message_part *part, + str_append_c(str, ' '); + imap_append_string(str, data->content_subtype); + } ++ bool part_is_text = (part->flags & MESSAGE_PART_FLAG_TEXT) != 0; ++ if (text != part_is_text) { ++ return; ++ } + } + + /* ("content type param key" "value" ...) */ +-- +2.23.0 + diff --git a/dovecot.spec b/dovecot.spec index 45605fb..496313d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Version: 2.3.10.1 -Release: 5 +Release: 6 Summary: Dovecot Secure imap server License: MIT and LGPLv2.1 URL: http://www.dovecot.org/ @@ -40,6 +40,8 @@ Patch6013: CVE-2020-25275-2.patch Patch6014: CVE-2020-24386.patch Patch6015: 0001-Fix-bugs-in-smtp-server.patch Patch6016: 0002-Fix-assert-crash-if-parsing-invalid-BODYSTRUCTURE.patch +Patch6017: 0003-Handle-empty-lists-in-IMAP-BODYSTRUCTURE-parsing-as-invalid.patch +Patch6018: 0004-Fix-writing-BODYSTRUCTURE-for-truncated-multipart-digest-part.patch BuildRequires: gcc-c++ openssl-devel pam-devel zlib-devel bzip2-devel libcap-devel BuildRequires: libtool autoconf automake pkgconfig sqlite-devel libpq-devel @@ -291,6 +293,9 @@ make check %changelog +* Thu Jun 03 2021 maminjie - 2.3.10.1-6 +- backport some patches about imap-bodystructure + * Sat Mar 27 2021 maminjie - 2.3.10.1-5 - Resolve fuzz-test about ABRT error -- Gitee