From 84580ab863845586828269ebc7c3d0ad9376b3e3 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 26 Aug 2021 23:53:14 +0200
Subject: IMAP: don't send * after failed AUTHENTICATE EXTERNAL

...i. e. after receiving tagged response.
---
 NEWS   | 4 ++++
 imap.c | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 9ab3f065..747f93d6 100644
--- a/NEWS
+++ b/NEWS
@@ -99,6 +99,10 @@ fetchmail-6.4.22 (not yet released):
   Schinzel.  The paper did not mention fetchmail.
 * On IMAP connections, --auth ssh no longer prevents STARTTLS negotiation.
 
+# BUG FIX:
+* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the 
+  tagged (= final) response, do not send "*".
+
 --------------------------------------------------------------------------------
 fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
 
diff --git a/imap.c b/imap.c
index ed10374b..d441ced8 100644
--- a/imap.c
+++ b/imap.c
@@ -534,8 +534,6 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
         int err = do_auth_external(sock, "AUTHENTICATE", ctl->remotename);
 	if (err)
         {
-            /* SASL cancellation of authentication */
-            gen_send(sock, "*");
             if (ctl->server.authenticate != A_ANY)
                 return err;
         } else {
-- 
cgit v1.2.3