From 0ebf60fcc3e33ca5ee0c88ef2b0f3fda7a7a3e9c Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Fri, 26 Jun 2015 12:23:26 -0700 Subject: [PATCH] Fix IMAP segfault due to NULL capstr. After a failed login, the connection is left open but capstr is freed. If a second login attempt is made, imap_auth_sasl was trying to strstr using the NULL capstr. Add a NONULL around the capstr parameter to strstr. Change imap_conn_find() to keep the capstr around until a successful authentication occurs. --- imap/auth_sasl.c | 2 +- imap/imap.c | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c index ea076cf34..ff9e5c165 100644 --- a/imap/auth_sasl.c +++ b/imap/auth_sasl.c @@ -70,7 +70,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method) rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech); } else if (!ascii_strcasecmp ("login", method) && - !strstr (idata->capstr, "AUTH=LOGIN")) + !strstr (NONULL (idata->capstr), "AUTH=LOGIN")) /* do not use SASL login for regular IMAP login (#3556) */ return IMAP_AUTH_UNAVAIL; diff --git a/imap/imap.c b/imap/imap.c index 93dc06a7f..8c89ae2c7 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -373,6 +373,7 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags) if (!imap_authenticate (idata)) { idata->state = IMAP_AUTHENTICATED; + FREE (&idata->capstr); new = 1; if (idata->conn->ssf) dprint (2, (debugfile, "Communication encrypted at %d bits\n", @@ -380,8 +381,6 @@ IMAP_DATA* imap_conn_find (const ACCOUNT* account, int flags) } else mutt_account_unsetpass (&idata->conn->account); - - FREE (&idata->capstr); } if (new && idata->state == IMAP_AUTHENTICATED) { -- 2.40.0
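Review bot: The NONULL wrapper in the auth_sasl.c hunk makes a NULL capstr read as "AUTH=LOGIN not advertised", which for method "login" yields the conservative IMAP_AUTH_UNAVAIL, but that meaning is not written down and a later reader sees only a bare NULL guard. I would state it on the line above the condition: `/* capstr may be NULL (it is freed once auth succeeds); treat as "AUTH=LOGIN not advertised" */`. Note the guard only covers the "login" branch: if capstr can be NULL when another method is requested, control falls through to sasl_client_start with no capability check at all, and whether callers guarantee capstr is populated there is not visible from this hunk, so worth confirming. imap_auth_sasl's body starts before and continues past this hunk.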
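Review bot: Moving `FREE (&idata->capstr)` into the success branch of the first imap.c hunk means the capability string is gone for the remaining life of the connection, so any later consumer of idata->capstr on an authenticated connection now sees NULL; the commit message explains the string is kept only until authentication succeeds, but that contract is not recorded at the free site where the next maintainer will look. I would add above the FREE: `/* capstr is kept across failed attempts so a retry can re-check it; not needed once authenticated */`. The placement before `new = 1` and the ssf dprint is fine since neither reads capstr. imap_conn_find starts outside the hunk, so the condition that leads into this `if (!imap_authenticate (idata))` is not visible here.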