From 06adf462c806beab3d65c2c34d296c35e8e0655f Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 26 Nov 2006 10:42:03 +0000 Subject: Be sure that CAPA is probed before TLS. Needed to avoid bogus login failures if the upstream offers STLS. Patch by Isaac Wilcox. svn path=/branches/BRANCH_6-3/; revision=4963 --- pop3.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'pop3.c') diff --git a/pop3.c b/pop3.c index b41d4e53..e3b06656 100644 --- a/pop3.c +++ b/pop3.c @@ -41,6 +41,7 @@ static char lastok[POPBUFSIZE+1]; #endif /* OPIE_ENABLE */ /* session variables initialized in capa_probe() or pop3_getauth() */ +flag done_capa = FALSE; #if defined(GSSAPI) flag has_gssapi = FALSE; #endif /* defined(GSSAPI) */ @@ -238,6 +239,9 @@ static int capa_probe(int sock) { int ok; + if (done_capa) { + return PS_SUCCESS; + } #if defined(GSSAPI) has_gssapi = FALSE; #endif /* defined(GSSAPI) */ @@ -278,6 +282,7 @@ static int capa_probe(int sock) if (strstr(buffer, "CRAM-MD5")) has_cram = TRUE; } + done_capa = TRUE; } return(ok); } @@ -307,6 +312,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) flag got_tls = FALSE; #endif /* SSL_ENABLE */ + done_capa = FALSE; #if defined(GSSAPI) has_gssapi = FALSE; #endif /* defined(GSSAPI) */ @@ -441,6 +447,10 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) } #ifdef SSL_ENABLE + ok = capa_probe(sock); + if (ok != PS_SUCCESS) { + return ok; + } if (maybe_tls(ctl)) { if (has_stls) { @@ -467,7 +477,11 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) * guarantee a secure capability re-probe. */ got_tls = TRUE; - (void)capa_probe(sock); + done_capa = FALSE; + ok = capa_probe(sock); + if (ok != PS_SUCCESS) { + return ok; + } if (outlevel >= O_VERBOSE) { report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost); -- cgit v1.2.3