Fix CVE-2021-22946

Merge: curl/curl@364f174724
2025-02-09 19:15:03 +01:00 · 2023-06-13 11:38:31 +02:00 · 2023-06-13 11:38:31 +02:00 · f545af934a
commit f545af934a
parent 9529519fa3
3 changed files with 29 additions and 36 deletions
--- a/r5dev/thirdparty/curl/ftp.c
+++ b/r5dev/thirdparty/curl/ftp.c
@ -2664,9 +2664,12 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
    /* we have now received a full FTP server response */
    switch(ftpc->state) {
    case FTP_WAIT220:
-      if(ftpcode == 230)
-        /* 230 User logged in - already! */
-        return ftp_state_user_resp(conn, ftpcode, ftpc->state);
+      if(ftpcode == 230) {
+        /* 230 User logged in - already! Take as 220 if TLS required. */
+        if(data->set.use_ssl <= CURLUSESSL_TRY ||
+           conn->ssl[FIRSTSOCKET].use)
+          return ftp_state_user_resp(conn, ftpcode, ftpc->state);
+      }
      else if(ftpcode != 220) {
        failf(data, "Got a %03d ftp-server response when 220 was expected",
              ftpcode);
--- a/r5dev/thirdparty/curl/imap.c
+++ b/r5dev/thirdparty/curl/imap.c
@ -918,22 +918,17 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
      line += wordlen;
    }
  }
-  else if(imapcode == 'O') {
-    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-      /* We don't have a SSL/TLS connection yet, but SSL is requested */
-      if(imapc->tls_supported)
-        /* Switch to TLS connection now */
-        result = imap_perform_starttls(conn);
-      else if(data->set.use_ssl == CURLUSESSL_TRY)
-        /* Fallback and carry on with authentication */
-        result = imap_perform_authentication(conn);
-      else {
-        failf(data, "STARTTLS not supported.");
-        result = CURLE_USE_SSL_FAILED;
-      }
+  else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+    if(imapcode == 'O' && imapc->tls_supported) {
+      /* Switch to TLS connection now */
+      result = imap_perform_starttls(conn);
    }
-    else
+    else if(data->set.use_ssl <= CURLUSESSL_TRY)
      result = imap_perform_authentication(conn);
+    else {
+      failf(data, "STARTTLS not supported.");
+      result = CURLE_USE_SSL_FAILED;
+    }
  }
  else
    result = imap_perform_authentication(conn);
--- a/r5dev/thirdparty/curl/pop3.c
+++ b/r5dev/thirdparty/curl/pop3.c
@ -761,28 +761,23 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
      }
    }
  }
-  else if(pop3code == '+') {
-    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-      /* We don't have a SSL/TLS connection yet, but SSL is requested */
-      if(pop3c->tls_supported)
-        /* Switch to TLS connection now */
-        result = pop3_perform_starttls(conn);
-      else if(data->set.use_ssl == CURLUSESSL_TRY)
-        /* Fallback and carry on with authentication */
-        result = pop3_perform_authentication(conn);
-      else {
-        failf(data, "STLS not supported.");
-        result = CURLE_USE_SSL_FAILED;
-      }
-    }
-    else
-      result = pop3_perform_authentication(conn);
-  }
  else {
    /* Clear text is supported when CAPA isn't recognised */
-    pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+    if(pop3code != '+')
+      pop3c->authtypes |= POP3_TYPE_CLEARTEXT;

-    result = pop3_perform_authentication(conn);
+    if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use)
+      result = pop3_perform_authentication(conn);
+    else if(pop3code == '+' && pop3c->tls_supported)
+      /* Switch to TLS connection now */
+      result = pop3_perform_starttls(conn);
+    else if(data->set.use_ssl <= CURLUSESSL_TRY)
+      /* Fallback and carry on with authentication */
+      result = pop3_perform_authentication(conn);
+    else {
+      failf(data, "STLS not supported.");
+      result = CURLE_USE_SSL_FAILED;
+    }
  }

  return result;