I wrote a private patch to provide my own (none interactive) username/password method for the tool "mailutil" which is part of imap-2007e and alpine-2.00.
During my tests I found, that the function mm_login in imap-2007e/src/mailutil/mailutil.c:883 has a bug: void mm_login (NETMBX *mb,char *username,char *password,long trial) { char *s,tmp[MAILTMPLEN]; sprintf (s = tmp,"{%s/%s",mb->host,mb->service); if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s", strcpy (username,mb->user)); if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser); if (*mb->user) strcat (s = tmp,"} password:"); else { printf ("%s} username: ",tmp); fgets (username,NETMAXUSER-1,stdin); username[NETMAXUSER-1] = '\0'; if (s = strchr (username,'\n')) *s = '\0'; s = "password: "; } strcpy (password,getpass (s)); } The password returned by getpass(s) could be longer than the buffer password. Password has a fixed size buffer pwd[MAILTMPLEN]. MAILTMPLEN is 1024 by default. So it's easy to see the problem: $ imap-2007e/mailutil/mailutil check '{myimapserver}INBOX' {myimapserver} username: myusername password: (type in or copy a text line with > 1024 characters) Speicherzugriffsfehler (core dumped) The easiest way to fix the problem is probably to use strncpy instead of strcpy. Greetings, Björn _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu http://mailman2.u.washington.edu/mailman/listinfo/imap-uw