-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | driver.c | 17 | ||||
-rw-r--r-- | etrn.c | 1 | ||||
-rw-r--r-- | fetchmail.h | 3 | ||||
-rw-r--r-- | imap.c | 3 | ||||
-rw-r--r-- | odmr.c | 1 | ||||
-rw-r--r-- | pop2.c | 9 | ||||
-rw-r--r-- | pop3.c | 1 |
8 files changed, 12 insertions, 24 deletions
@@ -3,6 +3,7 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) * Nalin Dahyabhai's patch to make IPv6 build on older systems. +* Restrict shrouding to just the password send so it won't leak info. fetchmail-5.7.4 (Mon Mar 12 00:02:23 EST 2001), 20323 lines: @@ -88,6 +88,7 @@ int stage; /* where are we? */ int phase; /* where are we, for error-logging purposes? */ int mytimeout; /* value of nonreponse timeout */ int suppress_tags; /* emit tags? */ +char shroud[PASSWORDLEN]; /* string to shroud in debug output */ static const struct method *protocol; static jmp_buf restart; @@ -96,7 +97,6 @@ char tag[TAGLEN]; static int tagnum; #define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag) -static char shroud[PASSWORDLEN]; /* string to shroud in debug output */ static int timeoutcount; /* count consecutive timeouts */ static int msglen; /* actual message length */ @@ -1808,21 +1808,8 @@ const int maxfetch; /* maximum number of messages to fetch */ stage = STAGE_GETAUTH; if (protocol->getauth) { - /* - * We want to restrict shrouding as much as possible -- it - * might actually leak information by splatting out revealing - * pieces of a message. - */ - if (ctl->server.authenticate == A_PASSWORD) - if (protocol->password_canonify) - (protocol->password_canonify)(shroud, ctl->password, PASSWORDLEN); - else - strcpy(shroud, ctl->password); - ok = (protocol->getauth)(mailserver_socket, ctl, buf); - shroud[0] = '\0'; - if (ok != 0) { if (ok == PS_LOCKBUSY) @@ -2481,7 +2468,7 @@ is restored.")); } closeUp: - /* execute post-initialization command, if any */ + /* execute wrapup command, if any */ if (ctl->postconnect && (ok = system(ctl->postconnect))) { report(stderr, _("post-connection command failed with status %d\n"), ok); 
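Review bot: With `shroud` exported in the driver.c @@ -88 hunk and the central setup deleted in the @@ -1808 hunk, masking now depends on every protocol's getauth filling `shroud` itself, yet pop3.c changes only its method-table entry in this commit. If pop3_getauth (not shown) sends the password through gen_transact, that send will presumably appear unmasked in verbose output, because nothing sets `shroud` on that path any more. The POP3 password send should get the same bracket as imap.c: a bounded copy of `ctl->password` into `shroud` before the send and a clear after it. A comment on the declaration such as `/* set by each getauth around the password send only; must be cleared afterwards */` would record the new contract.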
@@ -130,7 +130,6 @@ const static struct method etrn = FALSE, /* this is not a tagged protocol */ FALSE, /* this does not use a message delimiter */ etrn_ok, /* parse command response */ - NULL, /* no password canonicalization */ NULL, /* no need to get authentication */ etrn_getrange, /* initialize message sending */ NULL, /* we cannot get a list of sizes */ diff --git a/fetchmail.h b/fetchmail.h index e5d576a0..9f530031 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -173,8 +173,6 @@ struct method /* describe methods for protocol state machine */ flag delimited; /* if true, accept "." message delimiter */ int (*parse_response)(int, char *); /* response_parsing function */ - int (*password_canonify)(char *, char *, int); - /* canonicalize password */ int (*getauth)(int, struct query *, char *); /* authorization fetcher */ int (*getrange)(int, struct query *, const char *, int *, int *, int *); @@ -381,6 +379,7 @@ extern flag configdump; /* dump control blocks as Python dictionary */ extern const char *fetchmailhost; /* either "localhost" or an FQDN */ extern int suppress_tags; /* suppress tags in tagged protocols? */ +extern char shroud[PASSWORDLEN]; /* string to shroud in debug output */ #ifdef SDPS_ENABLE extern char *sdps_envfrom; extern char *sdps_envto; @@ -375,7 +375,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting) imap_canonicalize(remotename, ctl->remotename, NAMELEN); imap_canonicalize(password, ctl->password, PASSWORDLEN); + imap_canonicalize(shroud, ctl->password, PASSWORDLEN); ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password); + shroud[0] = '\0'; } if (ok) 
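Review bot: `shroud[0] = '\0';` after the LOGIN send in imap_getauth turns masking off but leaves the rest of the canonicalized password in what is now a process-wide buffer; `memset(shroud, 0, sizeof shroud);` would clear it fully. The same one-byte clear is used in the pop2.c hunk. If gen_transact can exit through the timeout longjmp (driver.c declares a `jmp_buf restart`), the clear is skipped and `shroud` keeps the password, so the recovery path should reset it as well; that path is not visible here. imap_getauth starts and ends outside the hunk.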
@@ -827,7 +829,6 @@ const static struct method imap = TRUE, /* this is a tagged protocol */ FALSE, /* no message delimiter */ imap_ok, /* parse command response */ - imap_canonicalize, /* deal with embedded slashes and spaces */ imap_getauth, /* get authorization */ imap_getrange, /* query range of messages */ imap_getsizes, /* get sizes of messages (used for ESMTP SIZE option) */ @@ -190,7 +190,6 @@ const static struct method odmr = FALSE, /* this is not a tagged protocol */ FALSE, /* this does not use a message delimiter */ odmr_ok, /* parse command response */ - NULL, /* no password canonicalization */ NULL, /* no need to get authentication */ odmr_getrange, /* initialize message sending */ NULL, /* we cannot get a list of sizes */ @@ -54,9 +54,13 @@ static int pop2_ok (int sock, char *argbuf) static int pop2_getauth(int sock, struct query *ctl, char *buf) /* apply for connection authorization */ { - return(gen_transact(sock, + int status; + + strcpy(shroud, ctl->password) + status = gen_transact(sock, "HELO %s %s", - ctl->remotename, ctl->password)); + ctl->remotename, ctl->password); + shroud[0] = '\0'; } static int pop2_getrange(int sock, struct query *ctl, const char *folder, @@ -134,7 +138,6 @@ const static struct method pop2 = FALSE, /* this is not a tagged protocol */ FALSE, /* does not use message delimiter */ pop2_ok, /* parse command response */ - NULL, /* no password canonicalization */ pop2_getauth, /* get authorization */ pop2_getrange, /* query range of messages */ NULL, /* no way to get sizes */ @@ -729,7 +729,6 @@ const static struct method pop3 = FALSE, /* this is not a tagged protocol */ TRUE, /* this uses a message delimiter */ pop3_ok, /* parse command response */ - NULL, /* no password canonicalization */ pop3_getauth, /* get authorization */ pop3_getrange, /* query range of messages */ pop3_getsizes, /* we can get a list of sizes */ |
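Review bot: The rewritten pop2_getauth does not compile as written, and once the syntax is fixed it still has no return statement. `strcpy(shroud, ctl->password)` lacks its semicolon, and `status` is assigned but never returned, so the caller would read an indeterminate value as the authentication result. The lines should read `strcpy(shroud, ctl->password);` and, after the clear, `return status;`. The copy is also unbounded into `shroud[PASSWORDLEN]`; whether `ctl->password` is already limited to that size is not visible here, so a bounded copy such as `snprintf(shroud, sizeof shroud, "%s", ctl->password);` would be safer.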