diff options
Diffstat (limited to 'backport-CVE-2025-53859-after-Mail-reset-stale-auth-credentials-with-smtp_auth-none.patch')
| -rw-r--r-- | backport-CVE-2025-53859-after-Mail-reset-stale-auth-credentials-with-smtp_auth-none.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/backport-CVE-2025-53859-after-Mail-reset-stale-auth-credentials-with-smtp_auth-none.patch b/backport-CVE-2025-53859-after-Mail-reset-stale-auth-credentials-with-smtp_auth-none.patch new file mode 100644 index 0000000..feecb7b --- /dev/null +++ b/backport-CVE-2025-53859-after-Mail-reset-stale-auth-credentials-with-smtp_auth-none.patch @@ -0,0 +1,46 @@ +From 9c02c84a7443f3d736a1a5eb3f596de9af8a0c9c Mon Sep 17 00:00:00 2001 +From: Sergey Kandaurov <pluknet@nginx.com> +Date: Mon, 7 Jul 2025 23:48:44 +0400 +Subject: [PATCH] Mail: reset stale auth credentials with "smtp_auth none;". + +They might be reused in a session if an SMTP client proceeded +unauthenticated after previous invalid authentication attempts. +This could confuse an authentication server when passing stale +credentials along with "Auth-Method: none". + +The condition to send the "Auth-Salt" header is similarly refined. +--- + src/mail/ngx_mail_auth_http_module.c | 5 ++++- + src/mail/ngx_mail_smtp_handler.c | 3 +++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c +index 27f64b92e0d..4ca6d6e24dc 100644 +--- a/src/mail/ngx_mail_auth_http_module.c ++++ b/src/mail/ngx_mail_auth_http_module.c +@@ -1321,7 +1321,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, + b->last = ngx_copy(b->last, passwd.data, passwd.len); + *b->last++ = CR; *b->last++ = LF; + +- if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { ++ if ((s->auth_method == NGX_MAIL_AUTH_APOP ++ || s->auth_method == NGX_MAIL_AUTH_CRAM_MD5) ++ && s->salt.len) ++ { + b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); + b->last = ngx_copy(b->last, s->salt.data, s->salt.len); + +diff --git a/src/mail/ngx_mail_smtp_handler.c b/src/mail/ngx_mail_smtp_handler.c +index e68ceedfdb5..1e26c2c8d7b 100644 +--- a/src/mail/ngx_mail_smtp_handler.c ++++ b/src/mail/ngx_mail_smtp_handler.c +@@ -782,6 +782,9 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) + + ngx_str_set(&s->out, smtp_ok); + ++ ngx_str_null(&s->login); ++ ngx_str_null(&s->passwd); ++ + return NGX_OK; + } + |