#3862: Error in POP3 authentication via SASL mechanism DIGEST-MD5
-----------------------+----------------------
Reporter: g1pimutt | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: POP | Version:
Resolution: | Keywords:
-----------------------+----------------------
Comment (by g1pimutt):
Please forget my first patch.
I just tested my second patch with PLAIN, and it works fine. In this
case, the code preceding the loop sets rc to SASL_OK and client_start to
the length of the auth string. The loop is entered twice, but
sasl_client_step is never called:

  1st time (client_start != 0, rc == SASL_OK):
      send "AUTH PLAIN"
      receive "+ "
  2nd time (client_start == 0, rc == SASL_OK):
      send base64(auth-string)
      receive "+OK"
      exit because (!client_start && rc != SASL_CONTINUE)

The exchange between client and server is exactly what it has to be. The
break instruction modified by my patch is never triggered, because rc ==
SASL_OK all the time.
Despite being very convoluted, the code maintains the invariant that on
successful exit from the loop inbuf contains either "+OK" or "-ERR",
unless the SASL interaction failed early (goto bail).
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3862#comment:12>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
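
The two-pass PLAIN exchange traced in the comment above, as an added example (not code from the ticket or from Mutt). run_plain, struct trace, the scripted server replies and the sample credentials are all constructed for illustration, and the loop is a simplified model of only the PLAIN path the comment describes.

```c
#include <stdio.h>
#include <string.h>

enum { SASL_OK = 0, SASL_CONTINUE = 1 };  /* local stand-ins for the libsasl codes */

struct trace { int passes, steps, clean_exit; char sent[2][64], inbuf[64]; };

/* Minimal base64 encoder so the block has no library dependency. */
static void b64(const unsigned char *in, size_t n, char *out)
{
  static const char tbl[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  for (size_t i = 0; i < n; i += 3) {
    unsigned v = (unsigned)in[i] << 16;
    if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
    if (i + 2 < n) v |= in[i + 2];
    *out++ = tbl[v >> 18];
    *out++ = tbl[(v >> 12) & 63];
    *out++ = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
    *out++ = (i + 2 < n) ? tbl[v & 63] : '=';
  }
  *out = '\0';
}

/* Hypothetical model of the loop for PLAIN; replies[] is the scripted server. */
static struct trace run_plain(const unsigned char *auth, size_t n, const char **replies)
{
  struct trace t = {0};
  int rc = SASL_OK;            /* state the comment gives before the loop */
  size_t client_start = n;     /* length of the auth string */
  char buf[64] = "AUTH PLAIN";
  while (t.passes < 2 && n <= 45) {        /* bounds keep the toy buffers safe */
    strcpy(t.sent[t.passes], buf);         /* "send" */
    strcpy(t.inbuf, replies[t.passes++]);  /* "receive" */
    if (!client_start && rc != SASL_CONTINUE) { t.clean_exit = 1; break; }
    if (!client_start) t.steps++;          /* where sasl_client_step would run */
    else client_start = 0;                 /* next pass sends the initial response */
    b64(auth, n, buf);
  }
  return t;
}

int main(void)
{
  const char *replies[] = { "+ ", "+OK" };  /* constructed server script */
  struct trace t = run_plain((const unsigned char *)"\0tim\0tanstaaftanstaaf", 21, replies);
  for (int i = 0; i < t.passes; i++) printf("C: %s\n", t.sent[i]);
  printf("passes=%d steps=%d inbuf=%s\n", t.passes, t.steps, t.inbuf);
  return 0;
}
```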