From f77a4eaa0c360870aa4cb7714203cbcec93f5d20 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Wed, 18 Mar 1998 18:10:41 +0000 Subject: Fix IMAP password shrouding. svn path=/trunk/; revision=1712 --- NEWS | 7 +++++++ driver.c | 13 ++++++++----- etrn.c | 1 + fetchmail.h | 1 + imap.c | 33 ++++++++++----------------------- pop2.c | 1 + pop3.c | 1 + 7 files changed, 29 insertions(+), 28 deletions(-) diff --git a/NEWS b/NEWS index 278e730c..421ec376 100644 --- a/NEWS +++ b/NEWS @@ -12,9 +12,16 @@ "X-Fetchmail-ID" header in fetched messages for debugging. * Total byte count in status message? * -U/--userdefault option to specify postmaster overriding USER. +* imap_canonicalize screws up password shrouding. Release Notes: +------------------------------------------------------------------------------ +fetchmail-4.4.1 (): +* We now properly shroud IMAP passwords containing ", \, and SP. + +There are 273 people on fetchmail-friends and 160 on fetchmail-announce. + ------------------------------------------------------------------------------ fetchmail-4.4.0 (Mon Mar 16 14:57:38 EST 1998): * Fix bug that prevented graceful exit from POP3 validation on wrong password. diff --git a/driver.c b/driver.c index e8c51017..aa908ecd 100644 --- a/driver.c +++ b/driver.c @@ -105,9 +105,9 @@ char tag[TAGLEN]; static int tagnum; #define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag) -static char *shroud; /* string to shroud in debug output, if non-NULL */ -static int mytimeout; /* value of nonreponse timeout */ -static int msglen; /* actual message length */ +static char shroud[PASSWORDLEN]; /* string to shroud in debug output */ +static int mytimeout; /* value of nonreponse timeout */ +static int msglen; /* actual message length */ /* use these to track what was happening when the nonresponse timer fired */ #define GENERAL_WAIT 0 /* unknown wait type */ 
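Review bot: `shroud` becomes a fixed `PASSWORDLEN`-byte array here, but nothing in this commit bounds what is written into it: the `@@ -1891` hunk fills it with `strcpy(shroud, ctl->password)` or through `password_canonify`, which receives no output size. IMAP quoting can lengthen its input (the code removed from imap.c sized its result as `2*strlen(passwd)`), so a long password containing quotes or backslashes could run past the end of the array. The buffer handed to `imap_canonicalize` before the LOGIN command in imap.c has the same exposure, and its declaration is not visible on this page. PASSWORDLEN and the type of `ctl->password` are defined outside the visible hunks, so the bound needs confirming; if the password field is itself PASSWORDLEN bytes, something like `static char shroud[PASSWORDLEN*2+1];` plus a size argument on the callback would close it.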
@@ -1891,9 +1891,12 @@ const struct method *proto; /* protocol method table */ /* try to get authorized to fetch mail */ if (protocol->getauth) { - shroud = ctl->password; + if (protocol->password_canonify) + (protocol->password_canonify)(shroud, ctl->password); + else + strcpy(shroud, ctl->password); + ok = (protocol->getauth)(sock, ctl, buf); - shroud = (char *)NULL; if (ok != 0) { if (ok == PS_LOCKBUSY) diff --git a/etrn.c b/etrn.c index 09da776b..7deb4312 100644 --- a/etrn.c +++ b/etrn.c @@ -120,6 +120,7 @@ const static struct method etrn = FALSE, /* this is not a tagged protocol */ FALSE, /* this does not use a message delimiter */ etrn_ok, /* parse command response */ + NULL, /* no password canonicalization */ NULL, /* no need to get authentication */ etrn_getrange, /* initialize message sending */ NULL, /* we cannot get a list of sizes */ diff --git a/fetchmail.h b/fetchmail.h index 3c3246ab..4f01557d 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -208,6 +208,7 @@ struct method flag tagged; /* if true, generate & expect command tags */ flag delimited; /* if true, accept "." message delimiter */ int (*parse_response)(); /* response_parsing function */ + int (*password_canonify)(); /* canonicalize password */ int (*getauth)(); /* authorization fetcher */ int (*getrange)(); /* get message range to fetch */ int (*getsizes)(); /* get sizes of messages */ diff --git a/imap.c b/imap.c index 29ce0de9..227565cd 100644 --- a/imap.c +++ b/imap.c 
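Review bot: The reset `shroud = (char *)NULL;` after the getauth call is dropped without a replacement, so the password copy now stays in static storage after authentication and the old NULL test can no longer switch shrouding off. I would clear the buffer once `(protocol->getauth)(sock, ctl, buf)` has returned, e.g. `memset(shroud, '\0', sizeof(shroud));`, and have the debug-output code test `shroud[0]` rather than `shroud`. That consumer is outside this hunk, so check how it treats an empty string. The enclosing function also starts and ends outside the hunk.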
@@ -568,18 +568,13 @@ static int do_gssauth(int sock, char *hostname, char *username) } #endif /* GSSAPI */ -static char *canonicalize_imap_password(char *passwd) +int imap_canonicalize(char *result, char *passwd) /* encode an IMAP password as per RFC1730's quoting conventions */ { - char *result; int i, j; - result = malloc(2*strlen(passwd)); - if (!result) - return 0; - - j=0; - for (i=0; ipassword); - - if (!newpass) - return(PS_AUTHFAIL); /* should report error better!!!! */ - - ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename,newpass); - - free(newpass); - - if (ok) - return(ok); - } + imap_canonicalize(password, ctl->password); + ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename, password); + if (ok) + return(ok); return(PS_SUCCESS); } @@ -996,6 +982,7 @@ const static struct method imap = TRUE, /* this is a tagged protocol */ FALSE, /* no message delimiter */ imap_ok, /* parse command response */ + imap_canonicalize, /* deal with embedded slashes and spaces */ imap_getauth, /* get authorization */ imap_getrange, /* query range of messages */ imap_getsizes, /* get sizes of messages (used for --limit option */ diff --git a/pop2.c b/pop2.c index 0f920ee3..ee0e7809 100644 --- a/pop2.c +++ b/pop2.c @@ -131,6 +131,7 @@ const static struct method pop2 = FALSE, /* this is not a tagged protocol */ FALSE, /* does not use message delimiter */ pop2_ok, /* parse command response */ + NULL, /* no password canonicalization */ pop2_getauth, /* get authorization */ pop2_getrange, /* query range of messages */ NULL, /* no way to get sizes */ diff --git a/pop3.c b/pop3.c index b03efdff..9502d104 100644 --- a/pop3.c +++ b/pop3.c 
@@ -535,6 +535,7 @@ const static struct method pop3 =
 FALSE, /* this is not a tagged protocol */
 TRUE, /* this uses a message delimiter */
 pop3_ok, /* parse command response */
+ NULL, /* no password canonicalization */
 pop3_getauth, /* get authorization */
 pop3_getrange, /* query range of messages */
 pop3_getsizes, /* we can get a list of sizes */
-- cgit v1.2.3