diff options
| -rw-r--r-- | INSTALL | 5 | ||||
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | pop2.c | 2 | ||||
| -rw-r--r-- | pop3.c | 2 | ||||
| -rw-r--r-- | uid.c | 20 |
5 files changed, 24 insertions, 8 deletions
@@ -70,10 +70,7 @@ you can direct the build to look for GSSAPI support under DIR. Hooks for the OpenSSL library (see http://www.openssl.org/) are included in the distribution. To enable these, configure with ---with-ssl; they are not included in the standard build. Note that -due to U.S. crypto export regulations (which we hope will soon be -overturned on Constitutional grounds), no actual cryptography code is -included in the distribution. +--with-ssl; they are not included in the standard build. If you want to build for debugging, @@ -2,6 +2,9 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) +* Fix POP2 and POP3 password shrouding. +* Don't remove UIDL scratchlist on query completion (Frantisek Brabec's bug). + fetchmail-5.7.5 (Sat Mar 17 23:24:41 EST 2001), 20440 lines: * Nalin Dahyabhai's patch to make IPv6 build on older systems. @@ -56,7 +56,7 @@ static int pop2_getauth(int sock, struct query *ctl, char *buf) { int status; - strcpy(shroud, ctl->password) + strcpy(shroud, ctl->password); status = gen_transact(sock, "HELO %s %s", ctl->remotename, ctl->password); @@ -275,7 +275,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) /* ordinary validation, no one-time password or RPA */ gen_transact(sock, "USER %s", ctl->remotename); + strcpy(shroud, ctl->password); ok = gen_transact(sock, "PASS %s", ctl->password); + shroud[0] = '\0'; break; case P_APOP: @@ -170,8 +170,12 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) break; } } - /* if it's not in a host we're querying, - ** save it anyway */ + /* + * If it's not in a host we're querying, + * save it anyway. Otherwise we'd lose UIDL + * information any time we queried an explicit + * subset of hosts. + */ if (ctl == (struct query *)NULL) { /* restore string */ *delimp1 = saveddelim1; @@ -446,6 +450,17 @@ void uid_swap_lists(struct query *ctl) * Don't swap UID lists unless we've actually seen UIDLs. * This is necessary in order to keep UIDL information * from being heedlessly deleted later on. + * + * Older versions of fetchmail did + * + * free_str_list(&scratchlist); + * + * after swap. This was wrong; we need to preserve the UIDL information + * from unqueried hosts. Unfortunately, not doing this means that + * under some circumstances UIDLs can end up being stored forever -- + * specifically, if a user description is removed from .fetchmailrc + * with UIDLs from that account in .fetchids, there is no way for + * them to ever get garbage-collected. */ if (ctl->newsaved) { @@ -453,7 +468,6 @@ void uid_swap_lists(struct query *ctl) if (outlevel >= O_DEBUG) report(stdout, _("swapping UID lists\n")); free_str_list(&ctl->oldsaved); - free_str_list(&scratchlist); ctl->oldsaved = ctl->newsaved; ctl->newsaved = (struct idlist *) NULL; } |