33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
--- evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability 2007-04-09 08:42:37.000000000 -0400
|
|
+++ evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c 2007-04-24 16:12:28.000000000 -0400
|
|
@@ -34,6 +34,7 @@
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
+#include <ctype.h>
|
|
|
|
#include "camel-operation.h"
|
|
|
|
@@ -489,6 +490,21 @@
|
|
} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
|
|
char *secret, md5asc[33], *d;
|
|
unsigned char md5sum[16], *s;
|
|
+
|
|
+ d = store->engine->apop;
|
|
+
|
|
+ while (*d != '\0') {
|
|
+ if (!isascii((int)*d)) {
|
|
+ camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
|
|
+ _("Unable to connect to POP server %s: "
|
|
+ "Invalid APOP ID received. Impersonation attack "
|
|
+ "suspected. Please contact your admin."),
|
|
+ CAMEL_SERVICE (store)->url->host);
|
|
+
|
|
+ return FALSE;
|
|
+ }
|
|
+ d++;
|
|
+ }
|
|
|
|
secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
|
|
sprintf(secret, "%s%s", store->engine->apop, service->url->passwd);
|