diff options
-rw-r--r-- | ChangeLog | 118 | ||||
-rw-r--r-- | UPDATING | 5 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | imap/imap.c | 16 |
4 files changed, 140 insertions, 1 deletions
@@ -1,3 +1,121 @@ +2020-06-14 11:30:00 -0700 Kevin McCarthy <kevin@8t8.us> (3e88866d) + + * Prevent possible IMAP MITM via PREAUTH response. + + This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not + allowed in the Authenticated state, so previously Mutt would + implicitly mark the connection as authenticated and skip any + encryption checking/enabling. + + No credentials are exposed, but it does allow messages to be sent to + an attacker, via postpone or fcc'ing for instance. + + Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the + connection if it is unencrypted. + + Thanks very much to Damian Poddebniak and Fabian Ising from the + Münster University of Applied Sciences for reporting this issue, and + their help in testing the fix. + +M imap/imap.c + +2020-06-06 20:03:56 -0700 Kevin McCarthy <kevin@8t8.us> (f64ec1de) + + * Fix GnuTLS interactive prompt short-circuiting. + + tls_verify_peers() doesn't verify expiration dates. So aborting early + because of a 0 certstat and the leaf passing tls_check_preauth() does + not mean subsequent intermediate certs are okay: they could be + expired. + + In the saved-cert preauth loop, instead of just noting the + tls_check_preauth() rc for the leaf, note the highest cert that passes + preauth. + + Then, in the interactive loop (which goes in the opposite order, from + CA to leaf) check that value instead. Since we are trusting certs one + by one, anything that passed in the previous loop will certainly pass + the preauth check at the beginning of tls_check_one_certificate(). + +M mutt_ssl_gnutls.c + +2020-06-05 18:16:31 -0700 Kevin McCarthy <kevin@8t8.us> (5fccf603) + + * Abort GnuTLS certificate check if a cert in the chain is rejected. + + GnuTLS is not checking dates because we disabled that in + tls_negotiate(). + + So if we don't do this, rejecting an expired intermediate cert will + have no effect. Certstat won't contain an expiration error, and + tls_check_preauth() will only look at each subsequent cert in the + chain's dates. + +M mutt_ssl_gnutls.c + +2020-06-05 15:21:03 -0700 Kevin McCarthy <kevin@8t8.us> (bb0e6277) + + * Fix GnuTLS tls_verify_peers() checking. + + * Change the function to pass the certstatus parameter by reference, + and indicate success/failure of the function via the return value. It + was previously returning the certstatus, but was also returning 0 or + the *unset* certstatus on error too. Since a 0 certstatus means + "success", this meant a gnutls_certificate_verify_peers2() failure + would be regarded as a valid cert. + + * The gnutls_certificate_type_get() inside tls_verify_peers() checks + the *client* certificate type. Since it was only called if + gnutls_certificate_verify_peers2() failed, I assume was either a + mistake, or perhaps an attempt to give a special error message if the + client cert was OpenPGP. In either case, the error message was not + very informative, so just remove the call and special error message. + + * Fix GNUTLS_E_NO_CERTIFICATE_FOUND check to be against verify_ret + instead of certstat. + + * Fix gnutls_strerror() call to use verify_ret instead of certstat. + + * gnutls_certificate_verify_peers2() already calls and checks + gnutls_auth_get_type(), so remove call at the beginning of + tls_check_certificate(). + + * gnutls_certificate_verify_peers2() also verifies the certificate + type for the *server* is GNUTLS_CRT_X509. Add a comment about that. + +M mutt_ssl_gnutls.c + +2020-05-27 14:33:58 -0700 Kevin McCarthy <kevin@8t8.us> (5ea51e88) + + * Fix doc install to check builddir first for bundled files. + + Although some of the built files are bundled in the tarball, someone + could still try to build/install from a git checkout with a separate + build directory. There might be other circumstances too, so better to + just add the check for now. + +M doc/Makefile.am + +2020-05-26 13:51:56 -0700 Kevin McCarthy <kevin@8t8.us> (0136dbd1) + + * Remove Muttrc and manual.txt from dist tarball files. + + The Muttrc needs to be generated because of docdir substitution. The + manual.txt may traditionally be generated by a different tool than the + one on my machine (lynx), so force that to be regenerated too. + + It may still be necessary to just rebuild everything, but let's see if + this will do for stable for now. + +M doc/Makefile.am + +2020-05-25 13:37:20 -0700 Kevin McCarthy <kevin@8t8.us> (6feaec02) + + * automatic post-release commit for mutt-1.14.2 + +M ChangeLog +M VERSION + 2020-05-25 13:29:22 -0700 Kevin McCarthy <kevin@8t8.us> (642a1cfd) * Update UPDATING file for release. @@ -9,6 +9,11 @@ http://www.mutt.org/relnotes/ The keys used are: !: modified feature, -: deleted feature, +: new feature +1.14.3 (2020-06-14): + + ! Bug fix release. + ! $ssl_starttls also controls aborting an unencrypted IMAP PREAUTH connection. + 1.14.2 (2020-05-25): ! Bug fix release. @@ -1 +1 @@ -1.14.2 +1.14.3 diff --git a/imap/imap.c b/imap/imap.c index 59f47d2e..2ddc3469 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -530,6 +530,22 @@ int imap_open_connection (IMAP_DATA* idata) } else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0) { +#if defined(USE_SSL) + /* An unencrypted PREAUTH response is most likely a MITM attack. + * Require a confirmation. */ + if (!idata->conn->ssf) + { + if (option(OPTSSLFORCETLS) || + (query_quadoption (OPT_SSLSTARTTLS, + _("Abort unencrypted PREAUTH connection?")) != MUTT_NO)) + { + mutt_error _("Encrypted connection unavailable"); + mutt_sleep (1); + goto err_close_conn; + } + } +#endif + idata->state = IMAP_AUTHENTICATED; if (imap_check_capabilities (idata) != 0) goto bail; |