mox/imapserver
Mechiel Lukkien aef99a72d8
imapserver: prevent unbounded memory allocations when handling a command

some commands, like search, can specify any number of literals, of arbitrary
size. we already limited individual literals to 100kb. but you could specify
many of them, causing unbounded memory consumption. this change adds a limit of
1000 literals in a command, and a limit of 1mb of total combined memory for
literals. once the limits are exceeded, a TOOBIG error code is returned.

unbounded memory use could only be triggered on authenticated connections.

this addresses the same issue as CVE-2024-34055 for cyrus-imap, by damian
poddebniak.
2024-06-10 15:00:18 +02:00
append_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
authenticate_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
condstore_test.go fix the Status command on imapclient.Conn 2024-03-11 15:22:41 +01:00
copy_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
create_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
delete_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
error.go for imap/smtp syntax errors, only echo the remaining buffer if the connection is authenticated 2023-03-10 11:32:34 +01:00
expunge_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
fetch.go replace packages slog and slices from golang.org/x/exp with stdlib 2024-02-08 14:49:01 +01:00
fetch_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
fuzz_test.go in more tests, after closing accounts, check the last reference is indeed gone 2024-04-16 17:33:54 +02:00
idle_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
list.go imapserver: allow creating mailboxes with characters &#*%, and encode mailbox names in imap with imaputf7 when needed 2024-01-01 13:27:29 +01:00
list_test.go fix the Status command on imapclient.Conn 2024-03-11 15:22:41 +01:00
lsub_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
move_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
pack.go add two new log levels for tracing sensitive auth protocol messages, and bulk data messages 2023-02-03 20:33:19 +01:00
parse.go imapserver: prevent unbounded memory allocations when handling a command 2024-06-10 15:00:18 +02:00
prefixconn.go mox! 2023-01-30 14:27:06 +01:00
protocol.go imapserver: fix interpreting the first "*" in sequence/uid patterns, like "*:123" or plain "*" 2024-01-23 21:21:08 +01:00
protocol_test.go imapserver: fix interpreting the first "*" in sequence/uid patterns, like "*:123" or plain "*" 2024-01-23 21:21:08 +01:00
quota_test.go fix the Status command on imapclient.Conn 2024-03-11 15:22:41 +01:00
rename_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
search.go replace packages slog and slices from golang.org/x/exp with stdlib 2024-02-08 14:49:01 +01:00
search_test.go imapserver: prevent unbounded memory allocations when handling a command 2024-06-10 15:00:18 +02:00
selectexamine_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
server.go imapserver: prevent unbounded memory allocations when handling a command 2024-06-10 15:00:18 +02:00
server_test.go in more tests, after closing accounts, check the last reference is indeed gone 2024-04-16 17:33:54 +02:00
starttls_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
status_test.go fix the Status command on imapclient.Conn 2024-03-11 15:22:41 +01:00
store_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
subscribe_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
unselect_test.go fix the Status command on imapclient.Conn 2024-03-11 15:22:41 +01:00
unsubscribe_test.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
utf7.go imapserver: allow creating mailboxes with characters &#*%, and encode mailbox names in imap with imaputf7 when needed 2024-01-01 13:27:29 +01:00
utf7_test.go imapserver: allow creating mailboxes with characters &#*%, and encode mailbox names in imap with imaputf7 when needed 2024-01-01 13:27:29 +01:00