From: Kevin McCarthy Date: Fri, 26 Jun 2015 19:23:26 +0000 (-0700) Subject: Fix IMAP segfault due to NULL capstr. X-Git-Tag: neomutt-20160307~47 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ebf60fcc3e33ca5ee0c88ef2b0f3fda7a7a3e9c;p=neomutt Fix IMAP segfault due to NULL capstr. After a failed login, the connection is left open but capstr is freed. If a second login attempt is made, imap_auth_sasl was trying to strstr using the NULL capstr. Add a NONULL around the capstr parameter to strstr. Change imap_conn_find() to keep the capstr around until a successful authentication occurs. --- diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c index ea076cf34..ff9e5c165 100644 --- a/imap/auth_sasl.c +++ b/imap/auth_sasl.c @@ -70,7 +70,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method) rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech); } else if (!ascii_strcasecmp ("login", method) && - !strstr (idata->capstr, "AUTH=LOGIN")) + !strstr (NONULL (idata->capstr), "AUTH=LOGIN")) /* do not use SASL login for regular IMAP login (#3556) */ return IMAP_AUTH_UNAVAIL; diff --git a/imap/imap.c b/imap/imap.c index 93dc06a7f..8c89ae2c7 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -373,6 +373,7 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags) if (!imap_authenticate (idata)) { idata->state = IMAP_AUTHENTICATED; + FREE (&idata->capstr); new = 1; if (idata->conn->ssf) dprint (2, (debugfile, "Communication encrypted at %d bits\n", @@ -380,8 +381,6 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags) } else mutt_account_unsetpass (&idata->conn->account); - - FREE (&idata->capstr); } if (new && idata->state == IMAP_AUTHENTICATED) {
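Review bot: In the `imap/auth_sasl.c` hunk, the `NONULL` guard protects only this one `strstr` read of `idata->capstr`. Any other use of `capstr` in `imap_auth_sasl` lies outside the hunk and needs the same check, since the commit message says the pointer can be NULL after a failed login. Assuming `NONULL` substitutes an empty string, a NULL `capstr` now makes the condition behave as if the server never advertised `AUTH=LOGIN`, so a `login` method request returns `IMAP_AUTH_UNAVAIL` instead of crashing. That is the safe direction, but nothing in the code says so. I would add a comment above the condition such as `/* capstr may be NULL after a failed login; treat that as AUTH=LOGIN not advertised */`.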
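Review bot: In the first `imap/imap.c` hunk (`@@ -373,6 +373,7 @@`), moving `FREE (&idata->capstr)` into the success branch means a failed `imap_authenticate` now leaves the string allocated. The `else` path next to `mutt_account_unsetpass` shows no release. Presumably it is freed when capabilities are re-read or when the `IMAP_DATA` is torn down, but that code is outside the hunk and should be confirmed so the failure path does not leak it. The lifetime rule is also worth stating at the free, for example `/* authenticators read capstr; keep it until login succeeds */`. `imap_conn_find` begins and ends outside the hunk.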