aboutsummaryrefslogtreecommitdiffstats
path: root/pop3.c
Commit message (Collapse)AuthorAgeFilesLines
* imap.c, pop3.c: fix protocol regression of 6.4.22.rc1Matthias Andree2021-08-271-2/+16
| | | | | | | | | | | | | | | fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost information on the protocol version in many circumstances. Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed. This fix the clear_sessiondata() out to the new constructor and destructor, such that imap_getauth() only needs to call it after STARTTLS, when it must re-probe CAPABILITY anyways. This was the same bug for POP3, which however does not collect state from the greeting, so that the bug was without effect for POP3. Reported by: Corey Halpin, FreeBSD port maintainer.
* Misc POP3 cleanups.Matthias Andree2021-08-261-5/+6
|
* SECURITY: imap.c, pop3.c: STARTTLS drops stateMatthias Andree2021-08-261-35/+28
| | | | | We need to lose all state after STARTTLS to safeguard from attacks against the clear-text part of the session.
* POP3: make CAPA parser caseblind.Matthias Andree2021-08-261-0/+3
|
* SECURITY: POP3: changes for --auth ssh and RPAMatthias Andree2021-08-261-31/+43
| | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any.
* Align with legacy_6x.Matthias Andree2019-08-251-57/+1
| | | | | | * Normalize include order. * Backport missed bug fixes. * Remove dead code.
* Fix potential SIGSEGV in pop3_delete.Matthias Andree2018-11-251-2/+3
| | | | Reported by Paul Kinsler.
* Fix GCC8 ?: operator type promotion warning.Matthias Andree2018-04-141-2/+2
|
* Add one comment to pop3_fastuidl().Matthias Andree2017-02-111-0/+2
|
* Drop unused variable.Matthias Andree2016-12-121-1/+0
|
* Fix portability to C90 and C++.Matthias Andree2016-12-111-1/+0
|
* Fix crash on --flush.Rainer Weikusat2016-12-111-2/+5
|
* UIDL database speedup with Patricia trees.Matthias Andree2016-12-111-50/+67
| | | | | | | Import Rainer Weikusat's code that uses Patricia trees instead of linear lists. Snapshot Rainer's patch 2010-05-24 19:30:42
* TLS overhaul, bumping version to 6.4Matthias Andree2015-01-261-21/+21
| | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
* Make Maillennium POP3 workarounds less specific,Matthias Andree2012-10-141-2/+2
| | | | | to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie via fetchmail-users mailing list, 2012-10-13.
* Run S(TART)TLS negotiation under timeout alarm.Matthias Andree2011-05-261-2/+5
| | | | Reported missing by Thomas Jarosch.
* Reduce complexity of adding UIDs in fastuidl.Matthias Andree2010-12-141-2/+3
|
* Reduce complexity for parsing UIDL response to linear.Matthias Andree2010-12-141-2/+3
|
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring server ↵Sunil Shetye2010-11-191-5/+2
| | | | capabilities
* Distinguish between server not advertising TLS capability and server failing ↵Sunil Shetye2010-11-101-7/+5
| | | | | | during upgradation to TLS. Send a NOOP only after a failed STARTTLS in IMAP.
* POP3: autoprobe NTLM.Matthias Andree2010-10-091-17/+36
|
* Factor out common NTLM code.Matthias Andree2010-10-091-48/+5
|
* Fix dead assignments.Matthias Andree2010-10-091-1/+1
|
* Avoid wedging Exchange 2007 with GSSAPI.Matthias Andree2010-08-211-1/+2
| | | | | | | | | Exchange 2007 wedges if we try GSSAPI authentication and fail for lack of suitable credentails (for instance, because the user did not run kinit). Only try GSSAPI automatically if we have credentials. Reported by Patrick Rynhart, Debian Bug #568455, and Alan Murrell, to the fetchmail-users list.
* Fix a few Intel C++ remarks and warnings.Matthias Andree2010-04-271-2/+2
|
* Validate STAT response more strictly.Matthias Andree2010-04-241-3/+7
|
* Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var,Matthias Andree2010-04-181-1/+1
| | | | and always load the default X.509 trust stores, unless the latter is set.
* Fix MD5Digest prototype and remove unneeded type casts.Matthias Andree2010-04-181-1/+1
|
* Fix xmalloc type casts in SDPS mode.Matthias Andree2010-04-011-2/+2
|
* Further type fixes.Matthias Andree2010-03-181-1/+1
|
* Remove unused assignments/initializations found with llvm-clang.Matthias Andree2010-02-281-4/+4
|
* Fix format string bugs.Matthias Andree2009-05-041-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=5291
* Fix a few compiler warnings around implicit conversion or extra ";".Matthias Andree2009-01-141-1/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=5261
* Merge Daniel Richard G.'s --sslcommonname option.Matthias Andree2008-03-071-5/+12
| | | | | | | | Exception from no-features policy on 6.3.X is made to keep people away from doing more dangerous things in order to get rid of CommonName mismatch warnings. svn path=/branches/BRANCH_6-3/; revision=5165
* Undocumented and untested hack: setting FETCHMAIL_POP3_FORCE_RETR in theMatthias Andree2008-01-111-0/+6
| | | | | | environment forces fetchmail to use RETR instead of TOP for POP3. svn path=/branches/BRANCH_6-3/; revision=5151
* No longer complain about invalid sslproto "" when POP3 CAPA probe fails.Matthias Andree2007-06-101-2/+2
| | | | | | | Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson). Thanks to Matthias Strauß for a configuration to reproduce the issue. svn path=/branches/BRANCH_6-3/; revision=5109
* Strengthen APOP a bit (validate RFC-822 syntax) in order to fend offMatthias Andree2007-03-181-0/+14
| | | | | | Leurent-style MITM attacks which are based on MD5 and APOP weaknesses. svn path=/branches/BRANCH_6-3/; revision=5057
* Repoll immediately if a protocol error happens during the authenticationMatthias Andree2007-03-021-1/+2
| | | | | | | attempt after a failed opportunistic TLS upgrade. Gentoo Bug #163782 comment #9, reported by Takuto Matsuu. svn path=/branches/BRANCH_6-3/; revision=5044
* Fix 6.3.6 regression: repoll upon socket error after STLS failure.Matthias Andree2007-02-031-11/+12
| | | | | | Berlios Bug #10133, reported by Andrej Kacian. svn path=/branches/BRANCH_6-3/; revision=5022
* Do not send the real password with KPOP.Matthias Andree2007-02-021-5/+15
| | | | svn path=/branches/BRANCH_6-3/; revision=5021
* Add Miloslav Trmac's patch to fix KPOP regression in 6.3.6.Matthias Andree2007-02-021-1/+5
| | | | svn path=/branches/BRANCH_6-3/; revision=5020
* Fix bogus authentication failure with --auth password when CAPA fails.Matthias Andree2006-11-291-9/+13
| | | | svn path=/branches/BRANCH_6-3/; revision=4976
* - mark CAPA as done even if it failsMatthias Andree2006-11-271-24/+46
| | | | | | | | | | | - do not override strong authenticators to PASSWORD if CAPA fails - let TLS code cater for failing CAPA (and break the connection if TLS is mandatory, but CAPA fails) - prevent USER/PASS authentication if other authenticators are configured - trash shroud store after use svn path=/branches/BRANCH_6-3/; revision=4970
* Plug a tiny memory leak when recovering from TLS-related socket errors.Matthias Andree2006-11-271-0/+1
| | | | svn path=/branches/BRANCH_6-3/; revision=4969
* Enshroud RPOP password in local logs.Matthias Andree2006-11-271-1/+5
| | | | svn path=/branches/BRANCH_6-3/; revision=4967
* Be sure that CAPA is probed before TLS.Matthias Andree2006-11-261-1/+15
| | | | | | | Needed to avoid bogus login failures if the upstream offers STLS. Patch by Isaac Wilcox. svn path=/branches/BRANCH_6-3/; revision=4963
* First step towards really fixing TLS vuln, CVE-2006-5867, still incomplete.Matthias Andree2006-11-261-52/+52
| | | | svn path=/branches/BRANCH_6-3/; revision=4962
* Fix TLS issue: fail if sslfingerprint, sslproto tls1 or sslcertck are ↵Matthias Andree2006-11-121-53/+58
| | | | | | configured and STARTTLS fails. Only by omitting all of these options, fetchmail will try opportunistic TLS. svn path=/branches/BRANCH_6-3/; revision=4929
* Snapshot 6.3.6-rc1.Matthias Andree2006-11-011-3/+11
| | | | svn path=/branches/BRANCH_6-3/; revision=4925
* Add IMAP AUTH=EXTERNAL support. BerliOS Patch #1095.Matthias Andree2006-08-141-2/+2
| | | | | | | Courtesy of Götz 'nimrill' Babin-Ebell. This patch also makes --sslproto arguments case insensitive. svn path=/branches/BRANCH_6-3/; revision=4896