-rw-r--r-- | lib/ftp.c | 3 | ||||
-rw-r--r-- | lib/imap.c | 4 | ||||
-rw-r--r-- | lib/pop3.c | 4 | ||||
-rw-r--r-- | lib/smtp.c | 4 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test980 | 52 | ||||
-rw-r--r-- | tests/data/test981 | 59 | ||||
-rw-r--r-- | tests/data/test982 | 57 | ||||
-rw-r--r-- | tests/data/test983 | 52 |
9 files changed, 236 insertions, 1 deletions
@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_AUTH: /* we have gotten the response to a previous AUTH command */ + if(pp->cache_size) + return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ + /* RFC2228 (page 5) says: * * If the server is willing to accept the named security mechanism, diff --git a/lib/imap.c b/lib/imap.c index 923b1d59b..6163899bb 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -963,6 +963,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.imapc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(imapcode != IMAP_RESP_OK) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff --git a/lib/pop3.c b/lib/pop3.c index a331d71f7..d3f3de6d4 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -771,6 +771,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.pop3c.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(pop3code != '+') { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff --git a/lib/smtp.c b/lib/smtp.c index 20dc85a5f..02ddaca0a 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -834,6 +834,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.smtpc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(smtpcode != 220) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied, code %d", smtpcode); diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 8e05ee907..787c36375 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc 
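Review bot: The early return added in the `FTP_AUTH` case fails silently and its comment does not say why leftover bytes matter; the same holds for the checks added in `imap_state_starttls_resp`, `pop3_state_starttls_resp` and `smtp_state_starttls_resp`. A non-zero `cache_size` presumably means bytes after the AUTH/STARTTLS reply are already buffered. Those bytes arrived in cleartext, so parsing them after the TLS upgrade would treat unauthenticated content as if it came over the protected channel. I would state that in the comment, e.g. `/* Data buffered past this reply was received unencrypted; it must never be parsed after the TLS upgrade. */`, and add `failf(data, "unexpected data after STARTTLS response");` before each `return CURLE_WEIRD_SERVER_REPLY;` so this failure can be told apart from other error-8 cases in logs. All four enclosing functions start and end outside their hunks.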
@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ test963 test964 test965 test966 test967 test968 test969 test970 test971 \ test972 \ \ -test984 test985 test986 \ +test980 test981 test982 test983 test984 test985 test986 \ \ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ diff --git a/tests/data/test980 b/tests/data/test980 new file mode 100644 index 000000000..97567f856 --- /dev/null +++ b/tests/data/test980 @@ -0,0 +1,52 @@ +<testcase> +<info> +<keywords> +SMTP +STARTTLS +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +CAPA STARTTLS +AUTH PLAIN +REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted +REPLY AUTH 535 5.7.8 Authentication credentials invalid +</servercmd> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +smtp +</server> + <name> +SMTP STARTTLS pipelined server response + </name> +<stdin> +mail body +</stdin> + <command> +smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +# 8 is CURLE_WEIRD_SERVER_REPLY +<errorcode> +8 +</errorcode> +<protocol> +EHLO %TESTNUMBER
+STARTTLS
+</protocol> +</verify> +</testcase> diff --git a/tests/data/test981 b/tests/data/test981 new file mode 100644 index 000000000..2b98ce42a --- /dev/null +++ b/tests/data/test981 @@ -0,0 +1,59 @@ +<testcase> +<info> +<keywords> +IMAP +STARTTLS +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +CAPA STARTTLS +REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted +REPLY LOGIN A003 BAD Authentication credentials invalid +</servercmd> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +imap +</server> + <name> +IMAP STARTTLS pipelined server response + </name> + <command> +imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl +</command> +<file name="log/upload%TESTNUMBER"> +Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) +From: Fred Foobar <foobar@example.COM> +Subject: afternoon meeting +To: joe@example.com +Message-Id: <B27397-0100000@example.COM> +MIME-Version: 1.0 +Content-Type: TEXT/PLAIN; CHARSET=US-ASCII + +Hello Joe, do you think we can meet at 3:30 tomorrow? +</file> +</client> + +# +# Verify data after the test has been "shot" +<verify> +# 8 is CURLE_WEIRD_SERVER_REPLY +<errorcode> +8 +</errorcode> +<protocol> +A001 CAPABILITY
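Review bot: test980 pipelines extra replies only behind a rejected upgrade (`454 currently unavailable`), and test981, test982 and test983 do the same with `BAD`, `-ERR` and `500`. None covers an accepted STARTTLS/AUTH reply followed by buffered data, which is the case where trailing cleartext bytes would otherwise carry over into the TLS session. In the SMTP, IMAP and POP3 handlers the new check sits before the response-code test, so a variant such as `REPLY STARTTLS 220 ready\r\n235 Authenticated` (constructed example) expecting errorcode 8 should fail before any handshake is attempted. The FTP check appears to be placed the same way, but the hunk does not show the code that follows it, so that should be confirmed before adding the FTP variant.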
+A002 STARTTLS
+</protocol> +</verify> +</testcase> diff --git a/tests/data/test982 b/tests/data/test982 new file mode 100644 index 000000000..9e07cc0b3 --- /dev/null +++ b/tests/data/test982 @@ -0,0 +1,57 @@ +<testcase> +<info> +<keywords> +POP3 +STARTTLS +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +CAPA STLS USER +REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated +REPLY PASS -ERR Authentication credentials invalid +</servercmd> +<data nocheck="yes"> +From: me@somewhere +To: fake@nowhere + +body + +-- + yours sincerely +</data> +</reply> + +# +# Client-side +<client> +<features> +SSL +</features> +<server> +pop3 +</server> + <name> +POP3 STARTTLS pipelined server response + </name> + <command> +pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl + </command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +# 8 is CURLE_WEIRD_SERVER_REPLY +<errorcode> +8 +</errorcode> +<protocol> +CAPA
+STLS
+</protocol> +</verify> +</testcase> diff --git a/tests/data/test983 b/tests/data/test983 new file mode 100644 index 000000000..300ec459c --- /dev/null +++ b/tests/data/test983 @@ -0,0 +1,52 @@ +<testcase> +<info> +<keywords> +FTP +STARTTLS +</keywords> +</info> + +# +# Server-side +<reply> +<servercmd> +REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete +REPLY PASS 530 Login incorrect +</servercmd> +</reply> + +# Client-side +<client> +<features> +SSL +</features> +<server> +ftp +</server> + <name> +FTP STARTTLS pipelined server response + </name> +<file name="log/test%TESTNUMBER.txt"> +data + to + see +that FTPS +works + so does it? +</file> + <command> +--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +# 8 is CURLE_WEIRD_SERVER_REPLY +<errorcode> +8 +</errorcode> +<protocol> +AUTH SSL
+</protocol> +</verify> +</testcase> |