Fix for CVE-2021-32056

Resolves: #1961788
2021-07-12 07:35:23 +02:00 · 2021-07-12 07:35:23 +02:00 · 765456ad3e
parent cbc2150220
commit 765456ad3e
2 changed files with 58 additions and 1 deletions
--- a/cyrus-imapd-CVE-2021-32056.patch
+++ b/cyrus-imapd-CVE-2021-32056.patch
@ -0,0 +1,53 @@
+From 621f9e41465b521399f691c241181300fab55995 Mon Sep 17 00:00:00 2001
+From: Bron Gondwana <brong@fastmail.fm>
+Date: Sun, 18 Apr 2021 22:45:53 +1000
+Subject: [PATCH] annotate: don't allow everyone to write shared server entries
+
+---
+ imap/annotate.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/imap/annotate.c b/imap/annotate.c
+index dc59a3b500..a5462d6e5f 100644
+--- a/imap/annotate.c
+++ b/imap/annotate.c
+@@ -2788,15 +2788,20 @@ static int write_entry(struct mailbox *mailbox,
+ 
+     keylen = make_key(mboxname, uid, entry, userid, key, sizeof(key));
+ 
+-    if (mailbox) {
+-        struct annotate_metadata oldmdata;
+-        r = read_old_value(d, key, keylen, &oldval, &oldmdata);
+-        if (r) goto out;
+    struct annotate_metadata oldmdata;
+    r = read_old_value(d, key, keylen, &oldval, &oldmdata);
+    if (r) goto out;
+ 
+-        /* if the value is identical, don't touch the mailbox */
+-        if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len)))
+-            goto out;
+    /* if the value is identical, don't touch the mailbox */
+    if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len)))
+        goto out;
+
+    if (!maywrite) {
+        r = IMAP_PERMISSION_DENIED;
+        if (r) goto out;
+    }
+ 
+    if (mailbox) {
+         if (!ignorequota) {
+             quota_t qdiffs[QUOTA_NUMRESOURCES] = QUOTA_DIFFS_DONTCARE_INITIALIZER;
+             qdiffs[QUOTA_ANNOTSTORAGE] = value->len - (quota_t)oldval.len;
+@@ -2804,11 +2809,6 @@ static int write_entry(struct mailbox *mailbox,
+             if (r) goto out;
+         }
+ 
+-        if (!maywrite) {
+-            r = IMAP_PERMISSION_DENIED;
+-            if (r) goto out;
+-        }
+-
+         /* do the annot-changed here before altering the DB */
+         mailbox_annot_changed(mailbox, uid, entry, userid, &oldval, value, silent);
+ 
--- a/cyrus-imapd.spec
+++ b/cyrus-imapd.spec
@ -14,7 +14,7 @@

 Name: cyrus-imapd
 Version: 3.2.6
-Release: 10%{?dist}
+Release: 11%{?dist}

 %define ssl_pem_file_prefix /etc/pki/%name/%name

@ -54,6 +54,7 @@ Patch2: patch-cyrus-rename-quota
 # https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909
 Patch4: patch-cyrus-perl-linking

+Patch100: cyrus-imapd-CVE-2021-32056.patch

 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@ -658,6 +659,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v


 %changelog
+* Mon Jul 12 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.2.6-10
+- Fix for CVE-2021-32056
+
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com>
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065