From a7bdc41cd40706f8f8e54e20bec869827e61c98b Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien
Date: Sun, 15 Sep 2024 17:18:50 +0200
Subject: [PATCH] reject attempts at starttls for smtp & imap when no tls config is present we didn't announce starttls as capability, but clients can still try them. we would try to do a handshake with a nil certificate, which would cause a goroutine panic (which is handled gracefully, shutting down the connection). found with code that was doing starttls unconditionally.
---
 imapserver/server.go | 3 +++
 smtpserver/server.go | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/imapserver/server.go b/imapserver/server.go
index d120ec0..e247104 100644
--- a/imapserver/server.go
+++ b/imapserver/server.go
@@ -1454,6 +1454,9 @@ func (c *conn) cmdStarttls(tag, cmd string, p *parser) {
 if c.tls {
 xsyntaxErrorf("tls already active") // ../rfc/9051:1353
 }
+ if c.tlsConfig == nil {
+ xsyntaxErrorf("starttls not announced")
+ }

 conn := c.conn
 if n := c.br.Buffered(); n > 0 {
diff --git a/smtpserver/server.go b/smtpserver/server.go
index 4aefe26..5b1ccbb 100644
--- a/smtpserver/server.go
+++ b/smtpserver/server.go
@@ -931,6 +931,9 @@ func (c *conn) cmdStarttls(p *parser) {
 if c.account != nil {
 xsmtpUserErrorf(smtp.C503BadCmdSeq, smtp.SeProto5BadCmdOrSeq1, "cannot starttls after authentication")
 }
+ if c.tlsConfig == nil {
+ xsmtpUserErrorf(smtp.C503BadCmdSeq, smtp.SeProto5BadCmdOrSeq1, "starttls not offered")
+ }

 // We don't want to do TLS on top of c.r because it also prints protocol traces: We
 // don't want to log the TLS stream. So we'll do TLS on the underlying connection,
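Review bot: The new `c.tlsConfig == nil` guard in imapserver's cmdStarttls carries no comment, and its reason is only recorded in the commit message. I would put `// Clients may send STARTTLS even when it was not announced; without a TLS config the handshake would panic.` directly above the check so the guard is not later removed as redundant with the capability list. The same condition is worded "starttls not announced" here and "starttls not offered" in smtpserver; using one phrase in both makes this rejection easier to find in logs. The diffstat lists only the two server files, so a regression test that sends STARTTLS to a connection set up without a TLS config and expects the error response appears to be missing. cmdStarttls continues past the end of this hunk.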
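Review bot: The added `c.tlsConfig == nil` branch in smtpserver's cmdStarttls answers with 503 "bad sequence of commands", which suggests to the client that STARTTLS could succeed at another point in the session, while on a listener without a TLS config it never can. A 502 "command not implemented" reply with a matching enhanced status code describes the condition more precisely, e.g. `xsmtpUserErrorf(<502 code constant>, <matching enhanced code>, "starttls not offered")`, assuming the smtp package defines such constants (they are not visible in this hunk). The distinction matters for clients that treat TLS as mandatory: a permanent "not implemented" gives them a clear reason to abort, whereas a sequencing error may be retried. The function body starts and ends outside the hunk, so any earlier check for already-active TLS is not visible here.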