diff options
| -rw-r--r-- | NEWS | 7 | ||||
| -rw-r--r-- | driver.c | 13 | ||||
| -rw-r--r-- | etrn.c | 1 | ||||
| -rw-r--r-- | fetchmail.h | 1 | ||||
| -rw-r--r-- | imap.c | 33 | ||||
| -rw-r--r-- | pop2.c | 1 | ||||
| -rw-r--r-- | pop3.c | 1 |
7 files changed, 29 insertions, 28 deletions
@@ -12,10 +12,17 @@ "X-Fetchmail-ID" header in fetched messages for debugging. * Total byte count in status message? * -U/--userdefault option to specify postmaster overriding USER. +* imap_canonicalize screws up password shrouding. Release Notes: ------------------------------------------------------------------------------ +fetchmail-4.4.1 (): +* We now properly shroud IMAP passwords containing ", \, and SP. + +There are 273 people on fetchmail-friends and 160 on fetchmail-announce. + +------------------------------------------------------------------------------ fetchmail-4.4.0 (Mon Mar 16 14:57:38 EST 1998): * Fix bug that prevented graceful exit from POP3 validation on wrong password. * Dominique Unruh's patch that copes gracefully with bodiless messages. @@ -105,9 +105,9 @@ char tag[TAGLEN]; static int tagnum; #define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag) -static char *shroud; /* string to shroud in debug output, if non-NULL */ -static int mytimeout; /* value of nonreponse timeout */ -static int msglen; /* actual message length */ +static char shroud[PASSWORDLEN]; /* string to shroud in debug output */ +static int mytimeout; /* value of nonreponse timeout */ +static int msglen; /* actual message length */ /* use these to track what was happening when the nonresponse timer fired */ #define GENERAL_WAIT 0 /* unknown wait type */ @@ -1891,9 +1891,12 @@ const struct method *proto; /* protocol method table */ /* try to get authorized to fetch mail */ if (protocol->getauth) { - shroud = ctl->password; + if (protocol->password_canonify) + (protocol->password_canonify)(shroud, ctl->password); + else + strcpy(shroud, ctl->password); + ok = (protocol->getauth)(sock, ctl, buf); - shroud = (char *)NULL; if (ok != 0) { if (ok == PS_LOCKBUSY) @@ -120,6 +120,7 @@ const static struct method etrn = FALSE, /* this is not a tagged protocol */ FALSE, /* this does not use a message delimiter */ etrn_ok, /* parse command response */ + NULL, /* no password canonicalization */ NULL, /* no need to get authentication */ etrn_getrange, /* initialize message sending */ NULL, /* we cannot get a list of sizes */ diff --git a/fetchmail.h b/fetchmail.h index 3c3246ab..4f01557d 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -208,6 +208,7 @@ struct method flag tagged; /* if true, generate & expect command tags */ flag delimited; /* if true, accept "." message delimiter */ int (*parse_response)(); /* response_parsing function */ + int (*password_canonify)(); /* canonicalize password */ int (*getauth)(); /* authorization fetcher */ int (*getrange)(); /* get message range to fetch */ int (*getsizes)(); /* get sizes of messages */ @@ -568,18 +568,13 @@ static int do_gssauth(int sock, char *hostname, char *username) } #endif /* GSSAPI */ -static char *canonicalize_imap_password(char *passwd) +int imap_canonicalize(char *result, char *passwd) /* encode an IMAP password as per RFC1730's quoting conventions */ { - char *result; int i, j; - result = malloc(2*strlen(passwd)); - if (!result) - return 0; - - j=0; - for (i=0; i<strlen(passwd); ++i) + j = 0; + for (i = 0; i < strlen(passwd); i++) { if ((passwd[i] == '\\') || (passwd[i] == '"')) result[j++] = '\\'; @@ -587,13 +582,14 @@ static char *canonicalize_imap_password(char *passwd) } result[j] = '\0'; - return(result); + return(i); } int imap_getauth(int sock, struct query *ctl, char *greeting) /* apply for connection authorization */ { int ok = 0; + char password[PASSWORDLEN*2]; /* probe to see if we're running IMAP4 and can use RFC822.PEEK */ capabilities[0] = '\0'; @@ -684,20 +680,10 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) }; #endif /* __UNUSED__ */ - /* try to get authorized in the ordinary (AUTH=LOGIN) way */ - { - char *newpass = canonicalize_imap_password(ctl->password); - - if (!newpass) - return(PS_AUTHFAIL); /* should report error better!!!! */ - - ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename,newpass); - - free(newpass); - - if (ok) - return(ok); - } + imap_canonicalize(password, ctl->password); + ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename, password); + if (ok) + return(ok); return(PS_SUCCESS); } @@ -996,6 +982,7 @@ const static struct method imap = TRUE, /* this is a tagged protocol */ FALSE, /* no message delimiter */ imap_ok, /* parse command response */ + imap_canonicalize, /* deal with embedded slashes and spaces */ imap_getauth, /* get authorization */ imap_getrange, /* query range of messages */ imap_getsizes, /* get sizes of messages (used for --limit option */ @@ -131,6 +131,7 @@ const static struct method pop2 = FALSE, /* this is not a tagged protocol */ FALSE, /* does not use message delimiter */ pop2_ok, /* parse command response */ + NULL, /* no password canonicalization */ pop2_getauth, /* get authorization */ pop2_getrange, /* query range of messages */ NULL, /* no way to get sizes */ @@ -535,6 +535,7 @@ const static struct method pop3 = FALSE, /* this is not a tagged protocol */ TRUE, /* this uses a message delimiter */ pop3_ok, /* parse command response */ + NULL, /* no password canonicalization */ pop3_getauth, /* get authorization */ pop3_getrange, /* query range of messages */ pop3_getsizes, /* we can get a list of sizes */ |