From: Junio C Hamano <gitster@pobox.com>
To: Nicolas Morey-Chaisemartin <nicolas@morey-chaisemartin.com>
Cc: <git@vger.kernel.org>
Subject: Re: [RFC] imap-send: escape backslash in password
Date: Fri, 04 Aug 2017 12:09:52 -0700 [thread overview]
Message-ID: <xmqqbmnvtain.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <58b783d6-c024-4491-2f88-edfb9c43c55c@morey-chaisemartin.com> (Nicolas Morey-Chaisemartin's message of "Fri, 4 Aug 2017 18:16:53 +0200")
Nicolas Morey-Chaisemartin <nicolas@morey-chaisemartin.com> writes:
> Password containing backslashes need to have them doubled to have them properly interpreted by the imap server.
Please wrap this into lines with reasonable lengths like 72 cols.
Is the quoting rules documented somewhere? If so, please also give
a reference to it here. RFC3501 "6.2.3 LOGIN Command" does not say
much (other parts of the RFC may specify the rules that apply to
arguments in general, but I didn't look for them). Without such
reference, it is hard to judge if this change is sufficient or even
correct (in an extreme case, the IMAP server you are talking with
that prompted you to make this change might be in violation).
For example, FRC3501 "9. Formal Syntax" says that both "password"
and "userid" are "astring"; it looks strange that the code with this
patch only touches cred.password while sending cred.username as-is.
> +static char* imap_escape_password(const char *passwd)
In our codebase, asterisk sticks to identifier, not typename. I.e.
static char *imap_escape(...)
> +{
> + const unsigned passwd_len = strlen(passwd);
> + char *escaped = xmalloc(2 * passwd_len + 1);
> + const char *passwd_cur = passwd;
> + char *escaped_cur = escaped;
> +
> + do {
> + char *next = strchr(passwd_cur, '\\');
> +
> + if (!next) {
> + strcpy(escaped_cur, passwd_cur);
> + } else {
> + int len = next - passwd_cur + 1;
> +
> + memcpy(escaped_cur, passwd_cur, len);
> + escaped_cur += len;
> + next++;
> + *(escaped_cur++) = '\\';
> + }
> + passwd_cur = next;
> + } while(passwd_cur);
> +
> + return escaped;
> +}
I wonder if we should use strbuf here perhaps like so:
struct strbuf encoded = STRBUF_INIT;
const char *p;
for (p = passwd; *p; p++) {
if (need_bs_quote(*p))
strbuf_addch(&encoded, '\\');
strbuf_addch(&encoded, *p);
}
return strbuf_detach(&encoded, NULL);
> static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *folder)
> {
> struct credential cred = CREDENTIAL_INIT;
> @@ -1090,7 +1116,7 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *f
> if (!srvc->user)
> srvc->user = xstrdup(cred.username);
> if (!srvc->pass)
> - srvc->pass = xstrdup(cred.password);
> + srvc->pass = imap_escape_password(cred.password);
> }
>
> if (srvc->auth_method) {
Thanks.
next prev parent reply other threads:[~2017-08-04 19:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-04 16:16 [RFC] imap-send: escape backslash in password Nicolas Morey-Chaisemartin
2017-08-04 19:09 ` Junio C Hamano [this message]
2017-08-04 19:32 ` Nicolas Morey-Chaisemartin
2017-08-04 19:46 ` Andreas Schwab
2017-08-04 20:22 ` Jeff King
2017-08-04 21:18 ` Junio C Hamano
2017-08-04 21:22 ` Jeff King
2017-08-06 19:12 ` Nicolas Morey-Chaisemartin
2017-08-07 20:58 ` Jeff King
2017-08-07 1:34 ` Junio C Hamano
2017-08-08 7:25 ` Jeff King
2017-08-08 16:54 ` Junio C Hamano
2017-08-09 12:04 ` Jeff King
2017-08-04 20:06 ` brian m. carlson
2017-08-04 20:18 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqbmnvtain.fsf@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=nicolas@morey-chaisemartin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).