A NOTE has been added to this issue. ====================================================================== http://www.dbmail.org/mantis/view.php?id=901 ====================================================================== Reported By: vampyre Assigned To: ====================================================================== Project: DBMail Issue ID: 901 Category: Authentication layer Reproducibility: always Severity: minor Priority: normal Status: new target: ====================================================================== Date Submitted: 11-May-11 21:23 CEST Last Modified: 04-Jul-11 10:58 CEST ====================================================================== Summary: non escaped sumbols from imap Description: It looks like dbmail-imapd doesn't remove escape symbols from special characters passed by IMAP. This leads to some inconveniences. Sorry for such raw report, I will try to reproduce it against latest version and provide you with a patch soon. ======================================================================
---------------------------------------------------------------------- (0003182) vampyre (reporter) - 17-May-11 21:25 http://www.dbmail.org/mantis/view.php?id=901#c3182 ---------------------------------------------------------------------- Btw, it looks similar to http://www.dbmail.org/mantis/view.php?id=853. I've noticed this description field was modified in that report. ---------------------------------------------------------------------- (0003183) paul (administrator) - 17-May-11 22:22 http://www.dbmail.org/mantis/view.php?id=901#c3183 ---------------------------------------------------------------------- Please provide the dbmail version and steps to reproduce. ---------------------------------------------------------------------- (0003184) vampyre (reporter) - 17-May-11 22:49 http://www.dbmail.org/mantis/view.php?id=901#c3184 ---------------------------------------------------------------------- I am using dbmail-2.3.7 dated at 20100111. I have described the steps to reproduce earlier. You should try to authenticate via LOGIN method with password that contain special characters like (", \). Btw, I have fixed the issue locally and enclosed the patch for you. However it was done in a rush so I suppose the place for g_strcompress can be reconsidered. I will recheck this against new version of dbmail if this is required. Could you please inform me if so, thank you. Looking forward for your reply. ---------------------------------------------------------------------- (0003185) vampyre (reporter) - 30-May-11 13:11 http://www.dbmail.org/mantis/view.php?id=901#c3185 ---------------------------------------------------------------------- Unfortunately I have found some issues with this patch as it not fully correspond to RFC requirements: I mean that according to RFC IMAP should un-escape like: Original line: "test line1\\s", "test line2\s" Un-escaped line: "test line1\s" "test line2\s" So the first case is handled correctly with that patch, but the second fails. I am working on correct solution now, and provide you with a patch as soon as I can. Sorry for inconveniences. ---------------------------------------------------------------------- (0003194) vampyre (reporter) - 24-Jun-11 09:42 http://www.dbmail.org/mantis/view.php?id=901#c3194 ---------------------------------------------------------------------- Hello, I have completed the correct patch according to RFC, please review and apply it if it is acceptable on your point of view. ---------------------------------------------------------------------- (0003198) paul (administrator) - 26-Jun-11 12:26 http://www.dbmail.org/mantis/view.php?id=901#c3198 ---------------------------------------------------------------------- Some remarks: try to replace the if (MATCH(self->command...)) with a switch statement like in dbmail_imap_session_mailbox_status for performance reasons. please split up the unescape function and extract the actual unescape routine into a separate function. This separate function needs to have unit-tests in for example test/check_dbmail_misc.c. since this functionality simply strips chars from a char* doing malloc/free loops seems complete overkill. Try to rethink in terms of in-place editing. ---------------------------------------------------------------------- (0003199) vampyre (reporter) - 26-Jun-11 18:35 http://www.dbmail.org/mantis/view.php?id=901#c3199 ---------------------------------------------------------------------- Hi paul, thanks for advice. Sounds reasonable, will do that in nearest time. ---------------------------------------------------------------------- (0003200) paul (administrator) - 28-Jun-11 18:33 http://www.dbmail.org/mantis/view.php?id=901#c3200 ---------------------------------------------------------------------- the attached escape.c demonstrates in-place editing ---------------------------------------------------------------------- (0003204) paul (administrator) - 04-Jul-11 10:58 http://www.dbmail.org/mantis/view.php?id=901#c3204 ---------------------------------------------------------------------- please test commit 6bf8d751279bfb50ab1c9b63d6298ebd4cac12e0 Issue History Date Modified Username Field Change ====================================================================== 11-May-11 21:23 vampyre New Issue 17-May-11 21:25 vampyre Note Added: 0003182 17-May-11 22:22 paul Note Added: 0003183 17-May-11 22:44 vampyre File Added: 0001-0000901-fix-unescaped-symbols-in-password.patch 17-May-11 22:49 vampyre Note Added: 0003184 30-May-11 13:11 vampyre Note Added: 0003185 24-Jun-11 09:42 vampyre Note Added: 0003194 24-Jun-11 09:43 vampyre File Added: patch_to_mantis 26-Jun-11 12:26 paul Note Added: 0003198 26-Jun-11 18:35 vampyre Note Added: 0003199 28-Jun-11 18:32 paul File Added: escape.c 28-Jun-11 18:33 paul Note Added: 0003200 04-Jul-11 10:58 paul Note Added: 0003204 ====================================================================== _______________________________________________ Dbmail-dev mailing list Dbmail-dev@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev