On Fri, Aug 04, 2017 at 06:16:53PM +0200, Nicolas Morey-Chaisemartin wrote:
> static struct imap_store *imap_open_store(struct imap_server_conf *srvc,
> char *folder)
> {
> struct credential cred = CREDENTIAL_INIT;
> @@ -1090,7 +1116,7 @@ static struct imap_store *imap_open_store(struct
> imap_server_conf *srvc, char *f
> if (!srvc->user)
> srvc->user = xstrdup(cred.username);
> if (!srvc->pass)
> - srvc->pass = xstrdup(cred.password);
> + srvc->pass =
> imap_escape_password(cred.password);
> }
>
> if (srvc->auth_method) {I'm not sure if this is correct. It looks like this username and password are used by whatever authentication method we use, whether that's LOGIN or CRAM-MD5. I don't think we'd want to encode the password here before sending it through the CRAM-MD5 authenticator. -- brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
