Hello, mbsync currently assumes that all password inputs are double quote escaped¹. This is true for "Pass" config entries, the output of "PassCmd", and also for passwords entered at the terminal.
Thus if one's IMAP password is the three character sequence: a\b
it must entered in one of the following ways:
1. Pass "a\\b"
2. PassCmd "gpg -d mypass.gpg | sed 's:\\:\\\\:g'"
3. $ mbsync chan
…
Password (chan-imap): a\\b
Entering an IMAP password that contains a double quote is even more
difficult since config.c:get_arg() does not implement a proper quoted
string parser.
I propose that mbsync always store the unescaped raw form of the
password when writing to a config->pass entry. User input from the
"Pass" config directive would be conditionally unescaped, and input from
PassCmd and stdin stored as is.
Then, since all config->pass entries are in raw form, a quote() function
can do the work of quoting and escaping strings when appropriate.
I am happy to submit a patch if the maintainer agrees this is a worthy
change and is not inclined to implement it himself.
Cheers, and thank you for the excellent software.
Sung Pae
¹ The following lines in src/compat/config.c illustrate this assumption:
if (cfg->user)
fprintf( fp, "User \"%s\"\n", cfg->user );
if (cfg->pass)
fprintf( fp, "Pass \"%s\"\n", cfg->pass );
This is only safe if all quotes and backslashes in cfg->user and
cfg->pass are backslash escaped.
pgpsY_jGa0Nb_.pgp
Description: PGP signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ isync-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/isync-devel
