6.0.0-beta6
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
4/10/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#7182] IMAP login broken/double connection with maybe debug kinda stuff
*
Your Email Address
*
Spam protection
Enter the letters below:
. .. .. ..___..__ | || ||\/| | [__) |/\||/\|| | | |
Comment
> no proxy, horde is running on the same box as the mail daemon. after > me edit things work. the password is never sent, if as you said it's > expecting a pass on the next line then there would be a error on the > next line about a invalid command with the password exposed. > > > > so: > > $read = $this->_runCommand("LOGIN \"$username\" {" . > strlen($password) . "}"); > > if (!is_a($read, 'PEAR_Error') && ($read->type == > IMP_IMAPCLIENT_CONTINUATION)) { > > $read = $this->_runCommand($password); > > } > > > > should result in: > > LOGIN "username@password" {8} > > password > > > > with a clean login. > > > > and my edit of: > > $read = $this->_runCommand("LOGIN $username " . $password); > > if (!is_a($read, 'PEAR_Error') && ($read->type == > IMP_IMAPCLIENT_CONTINUATION)) { > > $read = $this->_runCommand($password); > > } > > > > should result in: > > LOGIN username@password password > > password > > > > which would throw an error because of "password" clearly password isn't sent. > > > > time to do it by hand... telnet... > > > > * OK IMAP Module of ArGoSoft Mail Server Pro for WinNT/2000/XP, > Version 1.8 (1.8 > > .9.5) > > A001 CAPABILITY > > * CAPABILITY IMAP4 IMAP4rev1 ArgosoftExt > > A001 OK CAPABILITY completed > > A002 LOGIN "username@password" {8} > > A002 NO LOGIN failed > > password > > password BAD Unknown command > > A003 LOGIN "username@password" {8}password > > A003 NO LOGIN failed > > A004 LOGIN "username@password" {8} password > > A004 NO LOGIN failed > > A005 LOGOUT > > * BYE Aba he > > A005 OK LOGOUT completed > > > > > > no chance for a next line to have a password there is no window so if > it's a compliance issue others have the same problem. some kinda > switch is needed to turn that on/off. > > > > those additional tries were to see if a space might work or if ti was > just not looking for the line ending. > > > > telnet to a different (linux) box > > > > * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE > THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL > ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2004 Double > Precision, Inc. See COPYING for distribution information. > > A001 CAPABILITY > > * CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE > THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL > ACL2=UNION STARTTLS > > A001 OK CAPABILITY completed > > A002 LOGIN "username@password" {8} > > + OK > > password > > A002 OK LOGIN Ok. > > A003 LOGOUT > > * BYE Courier-IMAP server shutting down > > A003 OK LOGOUT completed > > > > seems pretty hit and miss for ones that support it. > > > > maybe a switch to force the normal version, literal, or auto. auto > maybe tries a second time using normal if literal fails before the > bailing. > > > > is there a existing function that can be used to clean the variable > from injections where my modification is? > >
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers