Hi,

we did some debugging and want to share our findings, so that this problem can be fixed ASAP.
It seems that the error is triggered by the following changes to getxstring imap/imapparse.c:91
This function has been changed to fix CVE-2024-34055 @@ -149,12 +149,20 @@ EXPORTED int getxstring(struct protstrea } /* Literal */ - isnowait = pin->isclient; + isnowait = !pin->isclient; buf_reset(buf); c = getint32(pin, &len); - if (c == '+') { - // LITERAL- says maximum size is 4096! - if (lminus && len > 4096) return EOF; + + if (pin->isclient && c == '+') { + /* LITERAL- says maximum size is 4096! */ + if (lminus && len > 4096) { + /* Fail per RFC 7888, Section 4, choice 2 */+ fatal(error_message(IMAP_LITERAL_MINUS_TOO_LARGE), EX_PROTOCOL);
+ }+ if (config_maxliteral && len >= 0 && (unsigned) len > config_maxliteral) {
+ /* Fail per RFC 7888, Section 4, choice 2 */ + fatal(error_message(IMAP_LITERAL_TOO_LARGE), EX_PROTOCOL); + } isnowait++; c = prot_getc(pin); }

I do not understand why the logic for isnowait has been inverted, but this could be a red herring, but as "ctl_mboxlist" is acting as a client I find it more suspicious that "pin->isclient" was 0 and therefore the "if (pin->isclient && c == '+') {" block was skipped.

Removing the "pin->isclient &&" from the condition did allow "ctl_mboxlist" to run successfully, but I suspect that this is not a viable solution as it could/would reintroduce some of the problems from CVE-2024-34055.

Kind regards

Michael Menge

Quoting Jean Charles Delépine via Info <info@xxxxxxxxxxxxxxxxxx>:
Quoting Ben Müller <ben.mueller@xxxxxxxxxxxxxxxx>:

Hello,

we have a small test setup with Cyrus Murder version 3.4 on RHEL 8.

With version 3.4.7 all works well, but with version 3.4.8 the backend server cannot synchronize its local mailbox list with the MUPDATE server anymore. The command "ctl_mboxlist -m" gives the error message: "couldn't do LIST command on mupdate server".

Does anybody see the same error? What can we do to make it work?

Same problem here with murder 3.2.12 and backend 3.8.3.

The initial ctl_mboxlist -m works fine but not the others, ending with "couldn't do LIST command on mupdate server" error.

Jean Charles Delépine
--
Service systèmes et réseaux - DISI
Université de Picardie Jules Verne
5, rue du moulin neuf - 80000 Amiens

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T5a7b6ffa3591f516-M29a7044fd59885b021526a31
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
--------------------------------------------------------------------------------
Michael Menge Tel.: (49) 7071 / 29-70316
Universität Tübingen Fax.: (49) 7071 / 29-5912
Zentrum für Datenverarbeitung mail: michael.menge@xxxxxxxxxxxxxxxxxxxx
Wächterstraße 76
72074 Tübingen
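
Review bot: In the literal branch of getxstring, gating the whole `+` handling on `pin->isclient` means that on a stream where `pin->isclient` is 0 a `+` following the length is no longer consumed: `isnowait++; c = prot_getc(pin);` is skipped and `c` stays `'+'` for the code that follows, whereas the old `if (c == '+')` consumed it on every stream. Consider keeping `if (c == '+')` unconditional around `isnowait++; c = prot_getc(pin);` and placing only the two size checks under `pin->isclient`. The change from `isnowait = pin->isclient` to `isnowait = !pin->isclient` carries no comment; it needs one stating what `isclient` means for the stream being parsed. Replacing `return EOF` with `fatal(..., EX_PROTOCOL)` should also be documented for callers, since an oversized literal now ends the process instead of returning a parse error.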
------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T5a7b6ffa3591f516-M87a6286487b258473c547bf1 Delivery options: https://cyrus.topicbox.com/groups/info/subscription