aboutsummaryrefslogtreecommitdiffstats
path: root/imap.c
Commit message (Collapse)AuthorAgeFilesLines
* IMAP: improve STARTTLS error message for ssh-plugin caseMatthias Andree2021-10-311-2/+7
| | | | | | For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead.
* IMAP: fix error code when LOGIN failsMatthias Andree2021-09-011-7/+1
| | | | | This recently printed 'we've run out of authentication methods' instead of the actual authentication failure.
* imap.c, pop3.c: fix protocol regression of 6.4.22.rc1Matthias Andree2021-08-271-66/+62
| | | | | | | | | | | | | | | fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost information on the protocol version in many circumstances. Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed. This fix the clear_sessiondata() out to the new constructor and destructor, such that imap_getauth() only needs to call it after STARTTLS, when it must re-probe CAPABILITY anyways. This was the same bug for POP3, which however does not collect state from the greeting, so that the bug was without effect for POP3. Reported by: Corey Halpin, FreeBSD port maintainer.
* SECURITY: imap.c, pop3.c: STARTTLS drops stateMatthias Andree2021-08-261-0/+15
| | | | | We need to lose all state after STARTTLS to safeguard from attacks against the clear-text part of the session.
* imap.c, report.c: remove or comment dead stores.Matthias Andree2021-08-261-1/+4
|
* IMAP: record server's CAPABILITY data in pre-auth state.Matthias Andree2021-08-261-7/+42
| | | | Saves one or two (STARTTLS) application-level round-trips.
* IMAP: report 'upgrade to TLS succeeded' before CAPA probeMatthias Andree2021-08-261-4/+4
| | | | ...after successful STARTTLS, to show the logical order of events.
* SECURITY: IMAP: no longer permit LOGIN with LOGINDISABLED.Matthias Andree2021-08-261-34/+40
|
* IMAP: log error if --auth external requested but server does not advertise it.Matthias Andree2021-08-261-9/+15
|
* imap.c: one FIXME for command continuation requestsMatthias Andree2021-08-261-0/+3
|
* IMAP: two more AUTHENTICATE EXTERNAL fixesMatthias Andree2021-08-261-1/+10
|
* IMAP: fix base64 length calc. for AUTH=EXTERNALMatthias Andree2021-08-261-1/+1
| | | | to make code more correct or readable; to64frombits does not overflow its buffer
* IMAP: don't send * after failed AUTHENTICATE EXTERNALMatthias Andree2021-08-261-2/+0
| | | | ...i. e. after receiving tagged response.
* IMAP: rename misnamed function and variableMatthias Andree2021-08-261-5/+5
|
* SECURITY: IMAP: --auth ssh no longer prevents STARTTLSMatthias Andree2021-08-261-11/+11
|
* SECURITY: IMAP: PREAUTH->abort if STARTTLS neededMatthias Andree2021-08-261-6/+14
| | | | | | | | | | On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details.
* imap.c revise comment on timeout memory leak if auto (non-static) password ↵Matthias Andree2021-02-141-1/+1
| | | | buffer is used for LOGIN
* imap.c: fix memory leak in timeout situation for LOGIN authMatthias Andree2021-02-141-3/+5
| | | | | ...which uses siglongjmp() so that gen_transact() will not return. Note, just in case, this uses local static buffers and is not thread-safe.
* Align with legacy_6x.Matthias Andree2019-08-251-10/+2
| | | | | | * Normalize include order. * Backport missed bug fixes. * Remove dead code.
* Comment on EXISTS in response to EXPUNGE.Matthias Andree2019-08-051-1/+3
|
* Drop socket when receiving unexpected untagged * BYE.Matthias Andree2019-05-121-0/+4
| | | | | | Reported against 6.3.26 by minorwiping@vfemail.net when polling from imap.yandex.com and it looped on "* BYE Autologout; idle for too long" in response to a A0001 CAPABILITY request.
* Add line termination when reporting unexpected untagged * BYE contents.Matthias Andree2019-05-121-1/+1
|
* imap_delete(): clean up delflags[_seen] variables.Matthias Andree2018-06-211-6/+1
|
* In-depth fix for to64frombits() BASE64 encoder buffer sizing.Matthias Andree2018-04-141-1/+1
|
* TLS overhaul, bumping version to 6.4Matthias Andree2015-01-261-17/+19
| | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
* fetchmail workaround for a bug in Microsoft ExchangeSunil Shetye2012-05-101-1/+1
| | | | | | | treat missing header in response to a FETCH command as a transient error (Reported by John Connett) if there are too many transient errors, log it.
* fetchmail workaround for a bug in ZimbraMikulas Patocka2011-11-221-1/+2
| | | | | | | | | | | | | | | | | Zimbra occasionally returns this response: fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER fetchmail: IMAP< * 1 FETCH () fetchmail: IMAP< A0007 OK FETCH completed It happens when there is a corrupted message without a header in the database. (I don't know how this message could be created, I just see it there). When fetchmail encounters such resonse, it gives up and disconnects. This patch changes it so that PS_TRANSIENT is returned in this case and fetchmail continues to fetch following messages correctly.
* Drop FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN dud again.Matthias Andree2011-05-261-11/+2
|
* Run S(TART)TLS negotiation under timeout alarm.Matthias Andree2011-05-261-2/+4
| | | | Reported missing by Thomas Jarosch.
* Handle socket errors on CAPABILITY probes.Matthias Andree2011-05-221-3/+9
|
* Fixup: remove unused variables.Matthias Andree2011-05-041-1/+1
|
* Do not search for UNSEEN messages in ranges.Sunil Shetye2011-05-041-48/+26
| | | | | | | | | | Add gen_recv_split() to split long protocol messages when the message prefix matches Order of search commands: IMAP> A010 SEARCH UNSEEN UNDELETED (IMAP4 or higher) IMAP> A011 SEARCH UNSEEN IMAP> A012 FETCH 1:n FLAGS
* Add FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN env' var.Matthias Andree2011-05-031-6/+23
| | | | | Requested by Jonathan Buschmann, to suppress read-notifications on servers such as MS Exchange or HP OpenMail.
* Hack: support quoted string in imap_fetch_body()Matthias Andree2010-12-101-0/+7
| | | | | This is seen on Yahoo in * 123 FETCH (BODY[TEXT] ""), reported by Yasin Malli.
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring server ↵Sunil Shetye2010-11-191-5/+2
| | | | capabilities
* Distinguish between server not advertising TLS capability and server failing ↵Sunil Shetye2010-11-101-9/+5
| | | | | | during upgradation to TLS. Send a NOOP only after a failed STARTTLS in IMAP.
* Factor out common NTLM code.Matthias Andree2010-10-091-47/+3
|
* Fix dead assignments.Matthias Andree2010-10-091-1/+1
|
* Remove some unneeded SASL cancellations.Matthias Andree2010-09-251-7/+0
|
* Cancel SASL AUTH properly on GSSAPI errors.Matthias Andree2010-09-251-1/+0
|
* Don't try to match trailing literals in sscanf,Matthias Andree2010-08-281-5/+16
| | | | | but rather note how much input was consumed, stop short of the string, and use strncasecmp to match explicitly.
* parse response to FETCH in a more flexible mannerSunil Shetye2010-08-281-37/+39
| | | | remove for loop in imap_fetch_headers()
* Avoid wedging Exchange 2007 with GSSAPI.Matthias Andree2010-08-211-1/+1
| | | | | | | | | Exchange 2007 wedges if we try GSSAPI authentication and fail for lack of suitable credentails (for instance, because the user did not run kinit). Only try GSSAPI automatically if we have credentials. Reported by Patrick Rynhart, Debian Bug #568455, and Alan Murrell, to the fetchmail-users list.
* Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var,Matthias Andree2010-04-181-1/+1
| | | | and always load the default X.509 trust stores, unless the latter is set.
* Fix lots of warnings, most around string literals...Matthias Andree2010-03-181-1/+1
| | | | | | | ...that were converted to char* when they should have been converted to const char *. Use braces for empty if/else statements.
* Fix input type for isalnum().Matthias Andree2010-02-041-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=5477
* Stricter validation of IMAP responses containing byte or message counts.Matthias Andree2010-02-041-12/+33
| | | | svn path=/branches/BRANCH_6-3/; revision=5469
* IMAP SEARCH fixes & FETCH fallback by Sunil ShetyeMatthias Andree2010-02-041-39/+130
| | | | | | | | | | | | | | | | | * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by Will Stringer in June 2004. (Sunil Shetye) * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1 servers (Sunil Shetye). * Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server does not support "SEARCH". (Sunil Shetye) * The IMAP client now requests message numbers in batches of 1,000 to avoid problems if there are more than 1860 unseen messages. (Sunil Shetye) Note that this wasn't security relevant because fetchmail would only read up to the maximum buffer size and leave the remainder of the string unread, going out of synch afterwards. svn path=/branches/BRANCH_6-3/; revision=5468
* Clarify IMAP BYE response logging.Matthias Andree2010-01-221-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=5462
* Fix IMAP IDLE and untagged (* ...) response parser, by Sunil Shetye.Matthias Andree2010-01-221-139/+159
| | | | | | | | | | | | | The IMAP client no longer skips messages from several IMAP servers including Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a) ignored some untagged responses when it should not (b) relied on EXISTS messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP standard) and aren't sent by Dovecot either. Fix by Sunil Shetye (the fix also consolidates IMAP response handling, improving overall robustness of the IMAP client), bug report and testing by Matt Doran, with further hints from Timo Sirainen. svn path=/branches/BRANCH_6-3/; revision=5459
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 22:21:13 +0000