* be more paranoid about the previous content of passvoid buffers

[citadel.git] / citadel / modules / imap / serv_imap.c

diff --git a/citadel/modules/imap/serv_imap.c b/citadel/modules/imap/serv_imap.c
index af02dd68cb4da83c8c9cc08401c91ca0ecf760f8..3d4fc9b93cee8e572dab2055335dc2e0cec2ef44 100644 (file)
--- a/citadel/modules/imap/serv_imap.c
+++ b/citadel/modules/imap/serv_imap.c
@@ -447,11 +447,20 @@ void imap_output_capability_string(void) {
 
        /* We are building a partial implementation of METADATA for the sole purpose
         * of interoperating with the ical/vcard version of the Bynari Insight Connector.
-        * If you were expecting something else, comment out one or both of these
-        * extension advertisements.
+        * It is not a full RFC5464 implementation, but it should refuse non-Bynari
+        * metadata in a compatible and graceful way.
         */
        cprintf(" METADATA");
-       /* cprintf(" LIST-EXTENDED"); */
+
+       /*
+        * LIST-EXTENDED was originally going to be required by the METADATA extension.
+        * It was mercifully removed prior to the finalization of RFC5464.  We started
+        * implementing this but stopped when we learned that it would not be needed.
+        * If you uncomment this declaration you are responsible for writing a lot of new
+        * code.
+        *
+        * cprintf(" LIST-EXTENDED")
+        */
 }
 
 /*
@@ -593,6 +602,7 @@ void imap_auth_plain(char *cmd)
        char pass[256];
        int result;
 
+       memset(pass, 0, sizeof(pass));
        CtdlDecodeBase64(decoded_authstring, cmd, strlen(cmd));
        safestrncpy(ident, decoded_authstring, sizeof ident);
        safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
@@ -632,6 +642,7 @@ void imap_auth_login_pass(char *cmd)
 {
        char buf[SIZ];
 
+       memset(buf, 0, sizeof(buf));
        CtdlDecodeBase64(buf, cmd, SIZ);
        if (CtdlTryPassword(buf) == pass_ok) {
                cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
@@ -753,7 +764,7 @@ void imap_select(int num_parms, char *parms[])
         * 
         * Unfortunately, omitting \Deleted as a PERMANENTFLAGS flag causes
         * some clients (particularly Thunderbird) to misbehave -- they simply
-        * electing not to transmit the flag at all.  So we have to advertise
+        * elect not to transmit the flag at all.  So we have to advertise
         * \Deleted as a PERMANENTFLAGS flag, even though it technically isn't.
         */
        cprintf("* FLAGS (\\Deleted \\Seen \\Answered)\r\n");
@@ -889,9 +900,13 @@ void imap_create(int num_parms, char *parms[])
        int newroomview = 0;
        char *notification_message = NULL;
 
+       if (num_parms < 3) {
+               cprintf("%s NO A foder name must be specified\r\n", parms[0]);
+               return;
+       }
+
        if (strchr(parms[2], '\\') != NULL) {
-               cprintf("%s NO Invalid character in folder name\r\n",
-                       parms[0]);
+               cprintf("%s NO Invalid character in folder name\r\n", parms[0]);
                CtdlLogPrintf(CTDL_DEBUG, "invalid character in folder name\n");
                return;
        }
@@ -1016,7 +1031,7 @@ void imap_status(int num_parms, char *parms[])
        char savedroom[ROOMNAMELEN];
        int msgs, new;
 
-       ret = imap_grabroom(roomname, parms[2], 0);
+       ret = imap_grabroom(roomname, parms[2], 1);
        if (ret != 0) {
                cprintf
                    ("%s NO Invalid mailbox name or location, or access denied\r\n",
@@ -1118,7 +1133,7 @@ void imap_unsubscribe(int num_parms, char *parms[])
        char savedroom[ROOMNAMELEN];
        int msgs, new;
 
-       ret = imap_grabroom(roomname, parms[2], 0);
+       ret = imap_grabroom(roomname, parms[2], 1);
        if (ret != 0) {
                cprintf
                    ("%s NO Invalid mailbox name or location, or access denied\r\n",