diff options
author | Patrick Monnerat <patrick@monnerat.net> | 2021-09-07 13:26:42 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-09-13 16:51:31 +0200 |
commit | 8ef147c43646e91fdaad5d0e7b60351f842e5c68 (patch) | |
tree | 61bc65da37b6c6e56a161c3ce841d15a4cc8b786 /tests/data/test983 | |
parent | 364f174724ef115c63d5e5dc1d3342c8a43b1cca (diff) | |
download | curl-8ef147c43646e91fdaad5d0e7b60351f842e5c68.tar.gz |
ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
If a server pipelines future responses within the STARTTLS response, the
former are preserved in the pingpong cache across TLS negotiation and
used as responses to the encrypted commands.
This fix detects pipelined STARTTLS responses and rejects them with an
error.
CVE-2021-22947
Bug: https://curl.se/docs/CVE-2021-22947.html
Diffstat (limited to 'tests/data/test983')
-rw-r--r-- | tests/data/test983 | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/tests/data/test983 b/tests/data/test983 new file mode 100644 index 000000000..300ec459c --- /dev/null +++ b/tests/data/test983 @@ -0,0 +1,52 @@ +<testcase> +<info> +<keywords> +FTP +STARTTLS +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete +REPLY PASS 530 Login incorrect +</servercmd> +</reply> + +# Client-side +<client> +<features> +SSL +</features> +<server> +ftp +</server> + <name> +FTP STARTTLS pipelined server response + </name> +<file name="log/test%TESTNUMBER.txt"> +data + to + see +that FTPS +works + so does it? +</file> + <command> +--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +# 8 is CURLE_WEIRD_SERVER_REPLY +<errorcode> +8 +</errorcode> +<protocol> +AUTH SSL
+</protocol> +</verify> +</testcase> |