Fix IMAP segfault due to NULL capstr.

After a failed login, the connection is left open but capstr is freed.
If a second login attempt is made, imap_auth_sasl was trying to strstr
using the NULL capstr.

Add a NONULL around the capstr parameter to strstr.  Change
imap_conn_find() to keep the capstr around until a successful
authentication occurs.

diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c
index ea076cf341b266d57ad7730e52f314d3ff3cb609..ff9e5c165bf5830a619c9e29070fa7cb78a3520d 100644 (file)
--- a/imap/auth_sasl.c
+++ b/imap/auth_sasl.c
@@ -70,7 +70,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
       rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, 
                               &mech);
   } else if (!ascii_strcasecmp ("login", method) &&
-       !strstr (idata->capstr, "AUTH=LOGIN"))
+       !strstr (NONULL (idata->capstr), "AUTH=LOGIN"))
     /* do not use SASL login for regular IMAP login (#3556) */
     return IMAP_AUTH_UNAVAIL;
   

diff --git a/imap/imap.c b/imap/imap.c
index 93dc06a7f7b256793a181de77ed81fc02ef41fed..8c89ae2c7f44b003a7a77d259841b7a53d2b6487 100644 (file)
--- a/imap/imap.c
+++ b/imap/imap.c
@@ -373,6 +373,7 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags)
     if (!imap_authenticate (idata))
     {
       idata->state = IMAP_AUTHENTICATED;
+      FREE (&idata->capstr);
       new = 1;
       if (idata->conn->ssf)
        dprint (2, (debugfile, "Communication encrypted at %d bits\n",
@@ -380,8 +381,6 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags)
     }
     else
       mutt_account_unsetpass (&idata->conn->account);
-
-    FREE (&idata->capstr);
   }
   if (new && idata->state == IMAP_AUTHENTICATED)
   {