aboutsummaryrefslogtreecommitdiff
path: root/lib/pop3.c
AgeCommit message (Collapse)Author
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2012-01-04Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.Steve Holme
Fixed a problem in POP3 and IMAP where a connection would fail when CURLUSESSL_TRY was specified for a server that didn't support SSL/TLS connections rather than continuing.
2012-01-04Fixed incorrect error code being returned in STARTTLSSteve Holme
The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2011-12-13pop3.c: fix compiler warning variable may be used uninitializedYang Tse
2011-12-01POP3: fixed escaped dot not being striped outSteve Holme
Changed the eob detection to work across the whole of the buffer so that lines that begin with a dot (which the server will have escaped) are passed to the client application correctly.
2011-11-29pop3.c: fix compiler warningYang Tse
2011-11-29POP3: detect when LIST returns no mailsDaniel Stenberg
By making sure the function can detect an "end of body" sequence immediately on the first line, test 811 is now enabled.
2011-11-29POP3: fix end of body detectionDaniel Stenberg
Curl_pop3_write() now has a state machine that scans for the end of a POP3 body so that the CR LF '.' CR LF sequence can come in everything from one up to five subsequent packets. Test case 810 is modified to use SLOWDOWN which makes the server pause between each single byte and thus makes the POP3 body get sent to curl basically one byte at a time.
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-09-05fix bool variables checking and assignmentYang Tse
2011-09-03fix a bunch of MSVC compiler warningsYang Tse
2011-08-19tcpconnect: follow-up commit after b998d95bDaniel Stenberg
As I modified conn->bits.tcpconnect to become an array that holds one bool for each potential connection all uses of that struct field must index it correctly.
2011-07-26stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse
2011-06-21[pop3] remove extra space in LIST commandOri Avtalion
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05SSL: check for SSL, not specific protocolsDaniel Stenberg
Code cleanup to check less for protocols and more for the specific relevant feature. Like if SSL is required.
2011-04-27whitespace cleanup: no space first in conditionalsDaniel Stenberg
"if(a)" is our style, not "if( a )"
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2011-04-20CURL_DOES_CONVERSIONS: cleanupDaniel Stenberg
Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2011-04-05[pop3 starttls] PASS command was not sent after upgrade to TLS.Ben Noordhuis
2011-04-05[pop3 starttls] the command to send is STLS, not STARTTLS.Ben Noordhuis
2011-04-04http-proxy: move proxy code to http_proxy.cDaniel Stenberg
The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-03-19pop3: add state name in debug arrayDaniel Stenberg
We have an array with the state names only built and used when built debug enabled and this need to list all the states from the .h
2011-03-18pop3: use Curl_safefree() to allow torture tests to succeedDan Fandrich
2011-03-18pop3: remove unused variableDaniel Stenberg
2011-03-17Added support for LISTing a single POP3 messageDan Fandrich
Added tests for a number of POP3 LIST operations, including one that shows a curl problem when listing no messages, so is disabled.
2011-03-17pop3: fixed memory leak in an error retrieval caseDan Fandrich
2011-03-15protocol handler cleanup: SSL awarenessDaniel Stenberg
As a follow-up to commit 8831000bc0: don't assume that the SSL powered protocol alternatives are available.
2011-03-14protocols: use CURLPROTO_ internallyDaniel Stenberg
The PROT_* set of internal defines for the protocols is no longer used. We now use the same bits internally as we have defined in the public header using the CURLPROTO_ prefix. This is for simplicity and because the PROT_* prefix was already used duplicated internally for a set of KRB4 values. The PROTOPT_* defines were moved up to just below the struct definition within which they are used.
2011-03-14protocol handler: added flags fieldDaniel Stenberg
The protocol handler struct got a 'flags' field for special information and characteristics of the given protocol. This now enables us to move away central protocol information such as CLOSEACTION and DUALCHANNEL from single defines in a central place, out to each protocol's definition. It also made us stop abusing the protocol field for other info than the protocol, and we could start cleaning up other protocol-specific things by adding flags bits to set in the handler struct. The "protocol" field connectdata struct was removed as well and the code now refers directly to the conn->handler->protocol field instead. To make things work properly, the code now always store a conn->given pointer that points out the original handler struct so that the code can learn details from the original protocol even if conn->handler is modified along the way - for example when switching to go over a HTTP proxy.
2010-12-06url: provide dead_connection flag in Curl_handler::disconnectKamil Dudka
It helps to prevent a hangup with some FTP servers in case idle session timeout has exceeded. But it may be useful also for other protocols that send any quit message on disconnect. Currently used by FTP, POP3, IMAP and SMTP.
2010-05-19Fixed some memory leaks in the POP3 torture testsDan Fandrich
2010-04-16Curl_setup_transfer: no longer returns anythingDaniel Stenberg
This function could only return CURLE_OK and by changing it to a void instead, we can simplify code all over.
2010-04-16POP3: when USER command fails, don't even try PASSDaniel Stenberg
2010-03-29use (s)size_t for string lengths to fix compiler warnsDaniel Stenberg
2010-03-28pop3: Get message listing if no mailbox in URLBen Greear
If you pass a URL to pop3 that does not contain a message ID as part of the URL, it will currently ask for 'INBOX' which just causes the pop3 server to return an error. The change makes libcurl treat en empty message ID as a request for LIST (list of pop3 message IDs). User's code could then parse this and download individual messages as desired.
2010-03-24remove the CVSish $Id$ linesDaniel Stenberg
2010-01-30Make Curl_pop3_write() additionally truncate trailing POP3_EOB from receivedYang Tse
string buffer, otherwise Curl_client_write() call with zero size would write to the end of string buffer including matched POP3_EOB.
2010-01-25make Curl_handler_*_proxy definition staticYang Tse
2009-12-30VMS specific preprocessor symbol checking adjustmentsYang Tse
2009-12-14Fix compiler warningsYang Tse
2009-12-12introducing IMAP, POP3 and SMTP support (still lots of polish left to do)Daniel Stenberg