rpms/cyrus-imapd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix for CVE-2021-32056

Browse Source 
Resolves: #1961788
This commit is contained in:
Pavel Zhukov 2021-07-12 07:35:23 +02:00
parent cbc2150220
commit 765456ad3e
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
cyrus-imapd-CVE-2021-32056.patch Normal file
View File

@ -0,0 +1,53 @@
From 621f9e41465b521399f691c241181300fab55995 Mon Sep 17 00:00:00 2001
From: Bron Gondwana <brong@fastmail.fm>
Date: Sun, 18 Apr 2021 22:45:53 +1000
Subject: [PATCH] annotate: don't allow everyone to write shared server entries
---
imap/annotate.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/imap/annotate.c b/imap/annotate.c
index dc59a3b500..a5462d6e5f 100644
--- a/imap/annotate.c
+++ b/imap/annotate.c
@@ -2788,15 +2788,20 @@ static int write_entry(struct mailbox *mailbox,
keylen = make_key(mboxname, uid, entry, userid, key, sizeof(key));
- if (mailbox) {
- struct annotate_metadata oldmdata;
- r = read_old_value(d, key, keylen, &oldval, &oldmdata);
- if (r) goto out;
+ struct annotate_metadata oldmdata;
+ r = read_old_value(d, key, keylen, &oldval, &oldmdata);
+ if (r) goto out;
- /* if the value is identical, don't touch the mailbox */
- if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len)))
- goto out;
+ /* if the value is identical, don't touch the mailbox */
+ if (oldval.len == value->len && (!value->len || !memcmp(oldval.s, value->s, value->len)))
+ goto out;
+
+ if (!maywrite) {
+ r = IMAP_PERMISSION_DENIED;
+ if (r) goto out;
+ }
+ if (mailbox) {
if (!ignorequota) {
quota_t qdiffs[QUOTA_NUMRESOURCES] = QUOTA_DIFFS_DONTCARE_INITIALIZER;
qdiffs[QUOTA_ANNOTSTORAGE] = value->len - (quota_t)oldval.len;
@@ -2804,11 +2809,6 @@ static int write_entry(struct mailbox *mailbox,
if (r) goto out;
}
- if (!maywrite) {
- r = IMAP_PERMISSION_DENIED;
- if (r) goto out;
- }
-
/* do the annot-changed here before altering the DB */
mailbox_annot_changed(mailbox, uid, entry, userid, &oldval, value, silent);

6
cyrus-imapd.spec
View File

@ -14,7 +14,7 @@
Name: cyrus-imapd Name: cyrus-imapd
Version: 3.2.6 Version: 3.2.6
Release: 10%{?dist} Release: 11%{?dist}
%define ssl_pem_file_prefix /etc/pki/%name/%name %define ssl_pem_file_prefix /etc/pki/%name/%name
@ -54,6 +54,7 @@ Patch2: patch-cyrus-rename-quota
# https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909 # https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909
Patch4: patch-cyrus-perl-linking Patch4: patch-cyrus-perl-linking
Patch100: cyrus-imapd-CVE-2021-32056.patch
Source10: cyrus-imapd.logrotate Source10: cyrus-imapd.logrotate
Source11: cyrus-imapd.pam-config Source11: cyrus-imapd.pam-config
@ -658,6 +659,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
%changelog %changelog
* Mon Jul 12 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.2.6-10
- Fix for CVE-2021-32056
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065 Related: rhbz#1971065