diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2013-05-31 17:08:22 -0600 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2013-05-31 17:08:22 -0600 |
| commit | 81e994d7907f850506ddc248f84761a54995e58c (patch) | |
| tree | 3bc4993b48ddeec45dee51323437200ab975887c /imap/src/c-client/nntp.c | |
| parent | 077522d7e058133f9de99d0d74481566b21c5a98 (diff) | |
| download | alpine-81e994d7907f850506ddc248f84761a54995e58c.tar.xz | |
* Fix not allow remote execution by adding PIPE_NOSHELL to the opening of a url by
a browser.
Diffstat (limited to 'imap/src/c-client/nntp.c')
| -rw-r--r-- | imap/src/c-client/nntp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/imap/src/c-client/nntp.c b/imap/src/c-client/nntp.c index fe90edba..8fbcb9b7 100644 --- a/imap/src/c-client/nntp.c +++ b/imap/src/c-client/nntp.c @@ -2031,6 +2031,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags) sprintf (tmp,"Retrying using %s authentication after %.80s", at->name,lsterr); mm_log (tmp,NIL); + delete_password(mb, mb ? mb->user : NULL); fs_give ((void **) &lsterr); } trial = 0; /* initial trial count */ @@ -2039,6 +2040,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags) if (lsterr) { sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr); mm_log (tmp,WARN); + delete_password(mb, mb ? mb->user : NULL); fs_give ((void **) &lsterr); } stream->saslcancel = NIL; @@ -2064,6 +2066,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags) sprintf (tmp,"Can not authenticate to NNTP server: %.80s",lsterr); mm_log (tmp,ERROR); } + delete_password(mb, mb ? mb->user : NULL); fs_give ((void **) &lsterr); } else if (mb->secflag) /* no SASL, can't do /secure */ @@ -2092,6 +2095,8 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags) stream->sensitive = T; /* hide this command */ if (nntp_send_work (stream,"AUTHINFO PASS",pwd) == NNTPAUTHED) ret = LONGT; /* password OK */ + else + delete_password(mb, mb ? mb->user : NULL); stream->sensitive = NIL; /* unhide */ if (ret) break; /* OK if successful */ default: /* authentication failed */ |