Package: cyrus-clients-2.2 Version: 2.2.13-10 Severity: important Tags: patch
Hello, I think, I've found a bug in the imtest/pop3test utiltiy. It's not correctly checking the server respons. Let me explain some details: I used pop3test to check a dovecot pop3-server S: +OK Dovecot ready. C: CAPA S: +OK S: CAPA S: TOP S: UIDL S: RESP-CODES S: PIPELINING S: STLS S: USER S: SASL PLAIN S: . C: USER heiko S: +OK Authentication failed. generic failure Connection closed. Digging in the imtest.c I found (function auth_pop(void)) the following lines: 1867 printf("C: USER %s\r\n", username); 1868 prot_printf(pout,"USER %s\r\n", username); 1869 prot_flush(pout); 1870 1871 if (prot_fgets(str, 1024, pin) == NULL) { 1872 imtest_fatal("prot layer failure"); 1873 } 1874 1875 printf("S: %s", str); 1876 1877 if (strncasecmp(str, "+OK ", 4)) return IMTEST_FAIL; The issue is about the "+OK ". Note the trailing space there, and the check for 4 characters. Dovecot just sends "+OK\r\n", nothing else. There's no space following the "+OK". Reading RFC1939 (section 9): Note that with the exception of the STAT, LIST, and UIDL commands, the reply given by the POP3 server to any command is significant only to "+OK" and "-ERR". Any text occurring after this reply may be ignored by the client. So I'd guess the above test is wrong. (A similar test is done some lines later checking the response to the "PASS ..." command. And probably even more often. The fix should be just something like this (in vi): %s/+OK ", 4/+OK", 3/g in the imtest.c source. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.26.2.jumper Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages cyrus-clients-2.2 depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libdb4.2 4.2.52+dfsg-2 Berkeley v4.2 Database Libraries [ ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries cyrus-clients-2.2 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]