From: Kevin McCarthy
Date: Tue, 11 Oct 2016 01:09:00 +0000 (-0700)
Subject: Add a few explanatory comments to pop_auth_sasl(). (see #3862)
X-Git-Tag: mutt-1-8-rel~123
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=52d8a8e513d3f1c28147414f71a52eabef7fc8eb;p=mutt
Add a few explanatory comments to pop_auth_sasl(). (see #3862)
---
diff --git a/pop_auth.c b/pop_auth.c
index 9eb080c8..f0794104 100644
--- a/pop_auth.c
+++ b/pop_auth.c
@@ -74,6 +74,10 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
 return POP_A_UNAVAIL;
 }
+ /* About client_start: If sasl_client_start() returns data via pc/olen,
+ * the client is expected to send this first (after the AUTH string is sent).
+ * sasl_client_start() may in fact return SASL_OK in this case.
+ */
 client_start = olen;
 mutt_message _("Authenticating (SASL)...");
@@ -97,6 +101,11 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
 return POP_A_SOCKET;
 }
+ /* Note we don't exit if rc==SASL_OK when client_start is true.
+ * This is because the first loop has only sent the AUTH string, we
+ * need to loop at least once more to send the pc/olen returned
+ * by sasl_client_start().
+ */
 if (!client_start && rc != SASL_CONTINUE)
 break;
@@ -121,6 +130,9 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
 client_start = 0;
 }
+ /* Even if sasl_client_step() returns SASL_OK, we should send at
+ * least one more line to the server. See #3862.
+ */
 if (rc != SASL_CONTINUE && rc != SASL_OK)
 break;
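Review bot: The new comment in the first hunk speaks of data returned "via pc/olen", but the flag it documents is set from the length alone in `client_start = olen;`, and the comment does not say so. As written, a mechanism whose initial response is present but zero-length would be treated the same as one with no initial response; whether that is intended cannot be told from the hunk. I would add one line to the comment, for example `* The flag is taken from olen only, so an empty initial response counts as "nothing to send".`, or state the opposite if the two cases are meant to differ. The body of pop_auth_sasl() starts and ends outside this hunk.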
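Review bot: The comment added in the third hunk gives no reason for sending one more line after SASL_OK and defers entirely to #3862, so a reader without the tracker cannot judge whether the loop is still correct. With `if (rc != SASL_CONTINUE && rc != SASL_OK) break;` no longer leaving on SASL_OK, the only visible exit for a finished exchange is the guard in the second hunk, `if (!client_start && rc != SASL_CONTINUE) break;`, which presumably runs after the server's next reply has been read. The comment should name that exit, for example `* The loop then ends at the !client_start check above, once the server's reply to that line is in.`. It would also help to note that success is decided by the server's final reply and not by rc alone, if that is what the code after the loop does. That code is outside the hunk, so please confirm before wording it as fact.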