A NOTE has been added to this issue. 
====================================================================== 
http://www.dbmail.org/mantis/view.php?id=901 
====================================================================== 
Reported By:                vampyre
Assigned To:                
====================================================================== 
Project:                    DBMail
Issue ID:                   901
Category:                   Authentication layer
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
target:                      
====================================================================== 
Date Submitted:             11-May-11 21:23 CEST
Last Modified:              04-Jul-11 15:53 CEST
====================================================================== 
Summary:                    non escaped symbols from imap
Description: 
It looks like dbmail-imapd doesn't remove escape symbols from special
characters passed by IMAP. This leads to some inconveniences. Sorry for
such a raw report, I will try to reproduce it against the latest version and
provide you with a patch soon. 
====================================================================== 

---------------------------------------------------------------------- 
 (0003182) vampyre (reporter) - 17-May-11 21:25
 http://www.dbmail.org/mantis/view.php?id=901#c3182 
---------------------------------------------------------------------- 
Btw, it looks similar to http://www.dbmail.org/mantis/view.php?id=853. I've
noticed this description field was modified in that report. 

---------------------------------------------------------------------- 
 (0003183) paul (administrator) - 17-May-11 22:22
 http://www.dbmail.org/mantis/view.php?id=901#c3183 
---------------------------------------------------------------------- 
Please provide the dbmail version and steps to reproduce. 

---------------------------------------------------------------------- 
 (0003184) vampyre (reporter) - 17-May-11 22:49
 http://www.dbmail.org/mantis/view.php?id=901#c3184 
---------------------------------------------------------------------- 
I am using dbmail-2.3.7 dated 20100111. I have described the steps to
reproduce earlier. You should try to authenticate via the LOGIN method with
a password that contains special characters like (", \).

Btw, I have fixed the issue locally and enclosed the patch for you.
However it was done in a rush so I suppose the place for g_strcompress can
be reconsidered.

I will recheck this against new version of dbmail if this is required.
Could you please inform me if so, thank you.

Looking forward to your reply. 

---------------------------------------------------------------------- 
 (0003185) vampyre (reporter) - 30-May-11 13:11
 http://www.dbmail.org/mantis/view.php?id=901#c3185 
---------------------------------------------------------------------- 
Unfortunately I have found some issues with this patch, as it does not fully
correspond to the RFC requirements:

I mean that according to RFC IMAP should un-escape like:
Original line: "test line1\\s", "test line2\s"
Un-escaped line: "test line1\s" "test line2\s"

So the first case is handled correctly with that patch, but the second
fails.
I am working on a correct solution now, and will provide you with a patch as
soon as I can. Sorry for the inconvenience. 

---------------------------------------------------------------------- 
 (0003194) vampyre (reporter) - 24-Jun-11 09:42
 http://www.dbmail.org/mantis/view.php?id=901#c3194 
---------------------------------------------------------------------- 
Hello, I have completed the correct patch according to the RFC, please review
and apply it if it is acceptable from your point of view. 

---------------------------------------------------------------------- 
 (0003198) paul (administrator) - 26-Jun-11 12:26
 http://www.dbmail.org/mantis/view.php?id=901#c3198 
---------------------------------------------------------------------- 
Some remarks:

try to replace the if (MATCH(self->command...)) with a switch statement
like in dbmail_imap_session_mailbox_status for performance reasons.

please split up the unescape function and extract the actual unescape
routine into a separate function. This separate function needs to have
unit-tests in for example test/check_dbmail_misc.c.

since this functionality simply strips chars from a char* doing
malloc/free loops seems complete overkill. Try to rethink in terms of
in-place editing. 

---------------------------------------------------------------------- 
 (0003199) vampyre (reporter) - 26-Jun-11 18:35
 http://www.dbmail.org/mantis/view.php?id=901#c3199 
---------------------------------------------------------------------- 
Hi paul, thanks for the advice. Sounds reasonable, will do that in the near
future. 

---------------------------------------------------------------------- 
 (0003204) paul (administrator) - 04-Jul-11 10:58
 http://www.dbmail.org/mantis/view.php?id=901#c3204 
---------------------------------------------------------------------- 
please test commit 6bf8d751279bfb50ab1c9b63d6298ebd4cac12e0 

---------------------------------------------------------------------- 
 (0003206) vampyre (reporter) - 04-Jul-11 12:44
 http://www.dbmail.org/mantis/view.php?id=901#c3206 
---------------------------------------------------------------------- 
Thanks, I am looking at it. As I can see, the command_type is 'null' in
imap4_tokenizer_main, and it looks like it is due to command_type being
initialized later in the imap4 call:
==
if (! imap4_tokenizer(session, buffer))  // Here we don't have command_type
        continue;
....
if ( session->parser_state ) {
        result = imap4(session); // Here we initialize the command_type for session
==

Am I right? 

Btw, could you please add some debug in "if" conditions, it is hard to
understand if the command was processed by unescape function. 

---------------------------------------------------------------------- 
 (0003207) paul (administrator) - 04-Jul-11 14:47
 http://www.dbmail.org/mantis/view.php?id=901#c3207 
---------------------------------------------------------------------- 
Ok, you're quite right. The unescape loop was called in the wrong place.

I've also added some debug helpers. But you need to enable them in the
code.

x login testuser "test \""

now works.

try: 99a180efbbb57b898673cc69bce6b2b46582c946 

---------------------------------------------------------------------- 
 (0003208) vampyre (reporter) - 04-Jul-11 15:53
 http://www.dbmail.org/mantis/view.php?id=901#c3208 
---------------------------------------------------------------------- 
Yes, it works fine. I will be testing it this week and inform you if any.

Thank you, it is a pleasure to work with you :) 
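
Added example (not DBMail's code and not the patch attached to this issue): a minimal in-place unescape for the contents of an IMAP quoted string, written along the lines discussed in notes 0003185 and 0003198. The function name imap_unescape_inplace and the sample inputs in main() are assumptions made for illustration; a backslash is dropped only before the two RFC 3501 quoted-specials (" and \) and is copied through otherwise, as note 0003185 describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a DBMail function): unescape the content of an
 * IMAP quoted string in place. RFC 3501 allows a backslash only in front of
 * the quoted-specials '"' and '\'; any other backslash, including a lone
 * trailing one, is copied unchanged. The result is never longer than the
 * input, so no malloc/free is needed. Returns the new string length. */
size_t imap_unescape_inplace(char *s)
{
    char *r = s;    /* read cursor */
    char *w = s;    /* write cursor, never ahead of r */

    if (s == NULL)
        return 0;

    while (*r != '\0') {
        /* r[1] is safe to read: r[0] is not the terminating NUL here */
        if (r[0] == '\\' && (r[1] == '"' || r[1] == '\\'))
            r++;            /* skip the escaping backslash */
        *w++ = *r++;        /* copy the literal character */
    }
    *w = '\0';
    return (size_t)(w - s);
}

int main(void)
{
    /* Constructed samples: the two lines from note 0003185 and the
     * password from note 0003207, as they arrive inside the quotes. */
    char samples[][32] = {
        "test line1\\\\s",  /* test line1\\s  ->  test line1\s */
        "test line2\\s",    /* test line2\s   ->  unchanged    */
        "test \\\"",        /* test \"        ->  test "       */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("[%s] -> ", samples[i]);
        size_t n = imap_unescape_inplace(samples[i]);
        printf("[%s] (%zu bytes)\n", samples[i], n);
    }
    return 0;
}
```

A generic C-style unescape such as g_strcompress also rewrites sequences like \n and drops the backslash before ordinary characters, which would silently change a password containing them before it reaches the authentication layer.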

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
11-May-11 21:23  vampyre        New Issue                                    
17-May-11 21:25  vampyre        Note Added: 0003182                          
17-May-11 22:22  paul           Note Added: 0003183                          
17-May-11 22:44  vampyre        File Added: 0001-0000901-fix-unescaped-symbols-in-password.patch
17-May-11 22:49  vampyre        Note Added: 0003184                          
30-May-11 13:11  vampyre        Note Added: 0003185                          
24-Jun-11 09:42  vampyre        Note Added: 0003194                          
24-Jun-11 09:43  vampyre        File Added: patch_to_mantis                    
26-Jun-11 12:26  paul           Note Added: 0003198                          
26-Jun-11 18:35  vampyre        Note Added: 0003199                          
28-Jun-11 18:32  paul           File Added: escape.c                         
28-Jun-11 18:33  paul           Note Added: 0003200                          
04-Jul-11 10:58  paul           Note Added: 0003204                          
04-Jul-11 10:58  paul           File Deleted: escape.c                       
04-Jul-11 10:58  paul           Note Deleted: 0003200                        
04-Jul-11 12:44  vampyre        Note Added: 0003206                          
04-Jul-11 14:47  paul           Note Added: 0003207                          
04-Jul-11 15:53  vampyre        Note Added: 0003208                          
======================================================================

_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev
