SECURITY: IMAP: PREAUTH->abort if STARTTLS needed

On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details.
author: Matthias Andree <matthias.andree@gmx.de> 2021-08-26 23:53:14 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2021-08-26 23:53:14 +0200
commit: b82c3ccb65e3279996a690ebf577263d7730e0b3 (patch)
tree: de9b79d7ec877032c3bcfd1d62bb4561cd1e8702 /driver.c
parent: 3aad706dc9dd9fe6bcedc7d5e09037edf88f9e43 (diff)
download: fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.tar.gz
fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.tar.bz2
fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/driver.c b/driver.c
index 3e382d3a..5421c766 100644
--- a/driver.c
+++ b/driver.c
@@ -1243,10 +1243,18 @@ is restored."));
 			   ctl->remotename,
 			   ctl->server.truename);
 		}
+		else if (err == PS_SOCKET)
+		{
+		    report(stderr, GT_("Socket or TLS error on %s@%s\n"),
+			   ctl->remotename,
+			   ctl->server.truename);
+		}
 		else
+		{
 		    report(stderr, GT_("Unknown login or authentication error on %s@%s\n"),
 			   ctl->remotename,
 			   ctl->server.truename);
+		}
 		    
 		goto cleanUp;
 	    }
author	Matthias Andree <matthias.andree@gmx.de>	2021-08-26 23:53:14 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2021-08-26 23:53:14 +0200
commit	b82c3ccb65e3279996a690ebf577263d7730e0b3 (patch)
tree	de9b79d7ec877032c3bcfd1d62bb4561cd1e8702 /driver.c
parent	3aad706dc9dd9fe6bcedc7d5e09037edf88f9e43 (diff)
download	fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.tar.gz fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.tar.bz2 fetchmail-b82c3ccb65e3279996a690ebf577263d7730e0b3.zip