moparisthebest/davmail
1
0
Fork 0
mirror of https://github.com/moparisthebest/davmail synced 2024-12-21 15:08:52 -05:00
Code Issues Releases Wiki Activity

Fix potential CVE-2014-3566 vulnerability

Browse Source 
git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@2322 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
mguessan 2014-10-27 07:50:03 +00:00
parent dca0002271
commit 411caf611e
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/java/davmail/AbstractServer.java
View File

@ -24,6 +24,7 @@ import davmail.ui.tray.DavGatewayTray;
import javax.net.ServerSocketFactory; import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.net.Inet4Address; import java.net.Inet4Address;
@ -31,6 +32,7 @@ import java.net.ServerSocket;
import java.net.Socket; import java.net.Socket;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.HashSet;
/** /**
* Generic abstract server common to SMTP and POP3 implementations * Generic abstract server common to SMTP and POP3 implementations
@ -103,7 +105,7 @@ public abstract class AbstractServer extends Thread {
// SSLContext is environment for implementing JSSE... // SSLContext is environment for implementing JSSE...
// create ServerSocketFactory // create ServerSocketFactory
SSLContext sslContext = SSLContext.getInstance("SSLv3"); SSLContext sslContext = SSLContext.getInstance("TLS");
// initialize sslContext to work with key managers // initialize sslContext to work with key managers
sslContext.init(kmf.getKeyManagers(), null, null); sslContext.init(kmf.getKeyManagers(), null, null);
@ -131,6 +133,17 @@ public abstract class AbstractServer extends Thread {
} else { } else {
serverSocket = serverSocketFactory.createServerSocket(port, 0, Inet4Address.getByName(bindAddress)); serverSocket = serverSocketFactory.createServerSocket(port, 0, Inet4Address.getByName(bindAddress));
} }
if (serverSocket instanceof SSLServerSocket) {
// CVE-2014-3566 disable SSLv3
HashSet<String> protocols = new HashSet<String>();
for (String protocol : ((SSLServerSocket) serverSocket).getEnabledProtocols()) {
if (!protocol.startsWith("SSL")) {
protocols.add(protocol);
}
}
((SSLServerSocket) serverSocket).setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
}
} catch (IOException e) { } catch (IOException e) {
throw new DavMailException("LOG_SOCKET_BIND_FAILED", getProtocolName(), port); throw new DavMailException("LOG_SOCKET_BIND_FAILED", getProtocolName(), port);
} }