From 8b11650d62a12a840528b195e25366acf9aa354d Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Thu, 22 Mar 2001 09:04:14 +0000 Subject: Bug fixes. svn path=/trunk/; revision=3268 --- INSTALL | 5 +---- NEWS | 3 +++ pop2.c | 2 +- pop3.c | 2 ++ uid.c | 20 +++++++++++++++++--- 5 files changed, 24 insertions(+), 8 deletions(-) diff --git a/INSTALL b/INSTALL index 1ed66ec1..bbe2cb06 100644 --- a/INSTALL +++ b/INSTALL @@ -70,10 +70,7 @@ you can direct the build to look for GSSAPI support under DIR. Hooks for the OpenSSL library (see http://www.openssl.org/) are included in the distribution. To enable these, configure with ---with-ssl; they are not included in the standard build. Note that -due to U.S. crypto export regulations (which we hope will soon be -overturned on Constitutional grounds), no actual cryptography code is -included in the distribution. +--with-ssl; they are not included in the standard build. If you want to build for debugging, diff --git a/NEWS b/NEWS index cfe68850..6c60b4e4 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) +* Fix POP2 and POP3 password shrouding. +* Don't remove UIDL scratchlist on query completion (Frantisek Brabec's bug). + fetchmail-5.7.5 (Sat Mar 17 23:24:41 EST 2001), 20440 lines: * Nalin Dahyabhai's patch to make IPv6 build on older systems. diff --git a/pop2.c b/pop2.c index 40bdc975..c3f490e6 100644 --- a/pop2.c +++ b/pop2.c @@ -56,7 +56,7 @@ static int pop2_getauth(int sock, struct query *ctl, char *buf) { int status; - strcpy(shroud, ctl->password) + strcpy(shroud, ctl->password); status = gen_transact(sock, "HELO %s %s", ctl->remotename, ctl->password); diff --git a/pop3.c b/pop3.c index 12701e84..718c09c8 100644 --- a/pop3.c +++ b/pop3.c @@ -275,7 +275,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) /* ordinary validation, no one-time password or RPA */ gen_transact(sock, "USER %s", ctl->remotename); + strcpy(shroud, ctl->password); ok = gen_transact(sock, "PASS %s", ctl->password); + shroud[0] = '\0'; break; case P_APOP: diff --git a/uid.c b/uid.c index 8163761b..b6f0a8af 100644 --- a/uid.c +++ b/uid.c @@ -170,8 +170,12 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) break; } } - /* if it's not in a host we're querying, - ** save it anyway */ + /* + * If it's not in a host we're querying, + * save it anyway. Otherwise we'd lose UIDL + * information any time we queried an explicit + * subset of hosts. + */ if (ctl == (struct query *)NULL) { /* restore string */ *delimp1 = saveddelim1; @@ -446,6 +450,17 @@ void uid_swap_lists(struct query *ctl) * Don't swap UID lists unless we've actually seen UIDLs. * This is necessary in order to keep UIDL information * from being heedlessly deleted later on. + * + * Older versions of fetchmail did + * + * free_str_list(&scratchlist); + * + * after swap. This was wrong; we need to preserve the UIDL information + * from unqueried hosts. Unfortunately, not doing this means that + * under some circumstances UIDLs can end up being stored forever -- + * specifically, if a user description is removed from .fetchmailrc + * with UIDLs from that account in .fetchids, there is no way for + * them to ever get garbage-collected. */ if (ctl->newsaved) { @@ -453,7 +468,6 @@ void uid_swap_lists(struct query *ctl) if (outlevel >= O_DEBUG) report(stdout, _("swapping UID lists\n")); free_str_list(&ctl->oldsaved); - free_str_list(&scratchlist); ctl->oldsaved = ctl->newsaved; ctl->newsaved = (struct idlist *) NULL; } -- cgit v1.2.3