banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Close properly IMAP connection when login fails

Browse Source 
- Don't use LOGIN when server sent LOGINDISABLED
release-0.6
alecpl 14 years ago
parent 77327e252a
commit f0638be52a
1 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File

29
program/include/rcube_imap_generic.php
Unescape Escape View File

@ -680,8 +680,6 @@ class rcube_imap_generic
$auth_method = 'CHECK'; $auth_method = 'CHECK';
} }
$message = "INITIAL: $auth_method\n";
$result = false; $result = false;
// initialize connection // initialize connection
@ -737,10 +735,12 @@ class rcube_imap_generic
// Connected to wrong port or connection error? // Connected to wrong port or connection error?
if (!preg_match('/^\* (OK|PREAUTH)/i', $line)) { if (!preg_match('/^\* (OK|PREAUTH)/i', $line)) {
if ($line) if ($line)
$this->error = sprintf("Wrong startup greeting (%s:%d): %s", $host, $this->prefs['port'], $line); $error = sprintf("Wrong startup greeting (%s:%d): %s", $host, $this->prefs['port'], $line);
else else
$this->error = sprintf("Empty startup greeting (%s:%d)", $host, $this->prefs['port']); $error = sprintf("Empty startup greeting (%s:%d)", $host, $this->prefs['port']);
$this->errornum = self::ERROR_BAD;
$this->set_error(self::ERROR_BAD, $error);
$this->close();
return false; return false;
} }
@ -749,7 +749,7 @@ class rcube_imap_generic
$this->parseCapability($matches[1], true); $this->parseCapability($matches[1], true);
} }
$this->message .= $line; $this->message = $line;
// TLS connection // TLS connection
if ($this->prefs['ssl_mode'] == 'tls' && $this->getCapability('STARTTLS')) { if ($this->prefs['ssl_mode'] == 'tls' && $this->getCapability('STARTTLS')) {
@ -757,11 +757,13 @@ class rcube_imap_generic
$res = $this->execute('STARTTLS'); $res = $this->execute('STARTTLS');
if ($res[0] != self::ERROR_OK) { if ($res[0] != self::ERROR_OK) {
$this->close();
return false; return false;
} }
if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
$this->set_error(self::ERROR_BAD, "Unable to negotiate TLS"); $this->set_error(self::ERROR_BAD, "Unable to negotiate TLS");
$this->close();
return false; return false;
} }
@ -790,6 +792,12 @@ class rcube_imap_generic
} }
} }
else { else {
// Prevent from sending credentials in plain text when connection is not secure
if ($auth_method == 'LOGIN' && $this->getCapability('LOGINDISABLED')) {
$this->set_error(self::ERROR_BAD, "Login disabled by IMAP server");
$this->close();
return false;
}
// replace AUTH with CRAM-MD5 for backward compat. // replace AUTH with CRAM-MD5 for backward compat.
$auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method; $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method;
} }
@ -829,8 +837,7 @@ class rcube_imap_generic
} }
// Close connection // Close connection
@fclose($this->fp); $this->close();
$this->fp = false;
return false; return false;
} }
@ -842,10 +849,10 @@ class rcube_imap_generic
function close() function close()
{ {
if ($this->logged && $this->putLine($this->next_tag() . ' LOGOUT')) { if ($this->putLine($this->next_tag() . ' LOGOUT')) {
if (!feof($this->fp)) $this->readReply();
fgets($this->fp, 1024);
} }
@fclose($this->fp); @fclose($this->fp);
$this->fp = false; $this->fp = false;
} }

Write Preview
Loading…
Cancel
Save