On Tue, 13 Apr 2004, Henry Baragar wrote:
>The last I heard there were some open questions about "invalid" mailboxes
>and I have not seen an update. What makes a mailbox "invalid"?
>Conversely, what makes a mailbox "valid"?
>It appears (from my limited testing) that Binc does not list mailboxes
>that begin or end with a dot (".") or have two sequential dots ("..")
>anywhere in the name in an IMAPDIR depot. Is this correct?
This is correct; the code in depot.cc shows how this is implemented for
Maildir++ and IMAPdir.
>However, I can still edit the .bincimap-subscribed file and add
>"folder//slashes" or "//leading/slashes" (with valid associated Maildirs)
>which will cause Outlook to crash.
Hmm.. Binc should be more critical to the contents of the subscribed file.
Currently it assumes all is good that comes from .bincimap-subscribed, as
it is its own file and the only current editor.
At the same time, Outlook is silly because it crashes here. It shouldn't
crash no matter what is returned from the IMAP server. I wonder if the
crash is caused by a buffer error or not. :-/ It might be exploitable.
>In Opera I get some interesting results when I try to create
>"two//slashes":
> 1. Opera sends "CREATE two//slashes"
> 2. Binc replies "NO CREATE FAILED", which Opera ignores
> 3. Opera sends "SUBSCRIBE two//slashes"
> 4. Binc replies "OK SUBSCRIBE completed"
> 5. Opera sends "STATUS two//slashes (MESSAGES UIDNEXT RECENT)"
> 6. Binc replies "NO STATUS failed: Unrecognized mailbox: "two//slashes""
>The .bincimap-subscribed now contains "two//slashes" but all other
>operations seem to fail.
>So, where does this leave us?
Opera is definitely at fault here, as the IMAP protocol explicitly said
that the CREATE failed. Binc IMAP can not be blamed for not validating the
two//slashes name, because the rfc only says that the server MAY do
validation here, so the client has full rights to subscribe to something
that doesn't exist.
There was a discussion about using the subscribed list for other purposes
than subscribing to mailboxes, such as using it to subscribe to "features"
in the server. But the most reasonable thing for Binc to do today would be
to start validating the mailbox that is passed as argument to SUBSCRIBE.
I'll add this to the todo for 1.2.8, just need to get 1.2.7 out first
(it's been deferred for too long already).
Andy :-)
--
Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP | "It is better not to do something
http://www.bincimap.org/ | than to do it poorly."
