On 04-12-13 08:52, Pavlo Lavrenenko wrote:
> Hi. Looks like dbmail does not perform any kind of decoding for the
> logins like test%40test@domain. That's not a big problem, I can improve
> this as long as I use customized auth module. What I am worried about is
> that such names are easily treated as printf-alike patterns inside
> dbmail_imap_session_buff_printf()
> 
> This causes some unpleasant consequences:
> 
> A001 LOGIN "test%40test@porta-um.intra" "zzzxxx123"
> A001 OK [CAPABILITY IMAP4rev1 IDLE RIGHTS=texk NAMESPACE CHILDREN SORT
> QUOTA THREAD=ORDEREDSUBJECT UNSELECT STARTTLS ID] User test
> 6.927722e-310st@porta-um.intra authenticated
> 
> Paul, can you give a hint whether it is safe to leave such behavior as-is?

They should be treated as string-literals. I guess some audit of the
code involved is in order.




-- 
________________________________________________________________
Paul J Stevens       pjstevns @ gmail, twitter, github, linkedin

  * Premium Hosting Services and Web Application Consultancy *

           www.nfg.nl/i...@nfg.nl/+31.85.877.99.97
________________________________________________________________
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev
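
Added example, not part of the original message and not dbmail's code: a minimal C sketch of treating a login as a string literal when it passes through a printf-style writer. `buff_printf` and `reply_authenticated` are hypothetical names standing in for a function like dbmail_imap_session_buff_printf() and its caller; the reply text is simplified.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style session writer; the format
 * attribute lets gcc/clang -Wformat-security flag non-literal formats. */
static int buff_printf(char *out, size_t cap, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int buff_printf(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    /* vsnprintf reports the untruncated length; treat truncation as failure. */
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Unsafe pattern (shown as a comment only): the login ends up in the format.
 *     snprintf(msg, sizeof msg, "User %s authenticated", user);
 *     buff_printf(out, cap, msg);    // the '%' in the login starts a conversion
 */

/* Hardened: constant format, client-supplied strings only as arguments. */
int reply_authenticated(char *out, size_t cap, const char *tag, const char *user)
{
    return buff_printf(out, cap, "%s OK User %s authenticated\r\n", tag, user);
}

int main(void)
{
    char line[128];
    /* Constructed input: the login string from the report above. */
    if (reply_authenticated(line, sizeof line, "A001",
                            "test%40test@porta-um.intra") > 0)
        fputs(line, stdout);
    return 0;
}
```

An audit of the kind suggested above would look for every call where the format argument is a variable rather than a literal.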