forked from pool/fetchmail
Pedro Monreal Gonzalez
fe4b96277c
- Backported support for OAUTH2 authentication from Fetchmail 7.0. - add imap oauthbearer support - support oauthbearer/xoauth2 with pop3 - add passwordfile and passwordfd options - add contrib/fetchnmail-oauth2.py token acquisition utility - FAQ: list gmail options including oauthbearer and app password - give each ctl it's own copy of password - re-read passwordfile on every poll - add query_to64_outsize() utility function - Chase and integrate interface change. - oauth2.c: calculate and pass in correct buffer size to to64frombits() - Increase max password length to handle oauth tokens - Bump max. passwordlen to 10000 bytes. - Add README.OAUTH2 - Added patches: * fetchmail-add-imap-oauthbearer-support.patch * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch * fetchmail-add-passwordfile-and-passwordfd-options.patch * fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch * fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch * fetchmail-give-each-ctl-it-s-own-copy-of-password.patch * fetchmail-re-read-passwordfile-on-every-poll.patch * fetchmail-add-query_to64_outsize-utility-function.patch * fetchmail-chase-and-integrate-interface-change.patch * fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-to64frombits.patch * fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch * fetchmail-bump-max-passwordlen-to-1bytes.patch * fetchmail-add-readme-oauth2-issue-27.patch OBS-URL: https://build.opensuse.org/request/show/892934 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=113
49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
|
|
Date: Fri, 9 Jun 2017 19:31:17 -0600
|
|
Subject: give each ctl it's own copy of password
|
|
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
|
|
Git-commit: 469b0a212e7f047ab16ef46a9158df5fb373e8c2
|
|
|
|
pwdb_* and passwordfile options may free and re-allocate password
|
|
for each poll operation. Giving each context it's own copy of
|
|
the password should prevent accessing freed memory in another copy.
|
|
|
|
I haven't tested pwmd, but these seem like obvious fixes.
|
|
---
|
|
fetchmail.c | 12 ++++++++++--
|
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/fetchmail.c b/fetchmail.c
|
|
index 0292d42a..e2828a4f 100644
|
|
--- a/fetchmail.c
|
|
+++ b/fetchmail.c
|
|
@@ -386,7 +386,7 @@ int main(int argc, char **argv)
|
|
if (NO_PASSWORD(ctl))
|
|
/* Server won't care what the password is, but there
|
|
must be some non-null string here. */
|
|
- ctl->password = ctl->remotename;
|
|
+ ctl->password = xstrdup(ctl->remotename);
|
|
else if (!ctl->passwordfile && ctl->passwordfd==-1)
|
|
{
|
|
netrc_entry *p;
|
|
@@ -1072,7 +1072,15 @@ static void optmerge(struct query *h2, struct query *h1, int force)
|
|
|
|
FLAG_MERGE(wildcard);
|
|
STRING_MERGE(remotename);
|
|
- STRING_MERGE(password);
|
|
+ if (force ? !!h1->password : !h2->password) {
|
|
+ if (h2->password) {
|
|
+ memset(h2->password, 0x55, strlen(h2->password));
|
|
+ xfree(h2->password);
|
|
+ }
|
|
+ if (h1->password) {
|
|
+ h2->password = xstrdup(h1->password);
|
|
+ }
|
|
+ }
|
|
FLAG_MERGE(passwordfile);
|
|
if (force ? h1->passwordfd!=-1 : h2->passwordfd==-1) {
|
|
h2->passwordfd = h1->passwordfd;
|
|
--
|
|
2.31.1
|
|
|