-rw-r--r-- | alpine/alpine.c | 10 | ||||
-rw-r--r-- | alpine/imap.c | 47 | ||||
-rw-r--r-- | alpine/imap.h | 1 | ||||
-rw-r--r-- | alpine/xoauth2conf.c | 11 | ||||
-rw-r--r-- | alpine/xoauth2info.c | 13 | ||||
-rw-r--r-- | imap/src/c-client/auth_bea.c | 3 | ||||
-rw-r--r-- | imap/src/c-client/auth_oa2.c | 3 | ||||
-rw-r--r-- | imap/src/c-client/mail.c | 1 | ||||
-rw-r--r-- | imap/src/c-client/oauth2_aux.c | 6 | ||||
-rw-r--r-- | imap/src/osdep/unix/ssl_unix.c | 10 | ||||
-rw-r--r-- | pith/imap.c | 7 | ||||
-rw-r--r-- | pith/pine.hlp | 2 |
12 files changed, 65 insertions, 49 deletions
diff --git a/alpine/alpine.c b/alpine/alpine.c index cb752603..7a512a1a 100644 --- a/alpine/alpine.c +++ b/alpine/alpine.c @@ -65,6 +65,7 @@ static char rcsid[] = "$Id: alpine.c 1266 2009-07-14 18:39:12Z hubert@u.washingt #include "smime.h" #include "newmail.h" #include "xoauth2conf.h" +#include "xoauth2info.h" #ifndef _WINDOWS #include "../pico/osdep/raw.h" /* for STD*_FD */ #endif @@ -693,6 +694,9 @@ main(int argc, char **argv) min_v = pith_ssl_encryption_version(min_s); max_v = pith_ssl_encryption_version(max_s); + if(min_s != NULL) fs_give((void **) &min_s); + if(max_s != NULL) fs_give((void **) &max_s); + if(min_v < 0 || max_v < 0){ snprintf(tmp_20k_buf, SIZEOF_20KBUF, _("Bad encryption range: \"%s\": resetting to default"), @@ -3405,6 +3409,7 @@ goodnight_gracey(struct pine *pine_state, int exit_val) free_pith_module_globals(); free_pico_module_globals(); free_c_client_module_globals(); + xoauth_free_info(); #ifdef DEBUG if(debugfile){ @@ -3653,10 +3658,7 @@ prune_folders_ok(void) void free_alpine_module_globals(void) -{ -#ifdef LOCAL_PASSWD_CACHE - free_passfile_cache(); -#endif +{ free_message_queue(); free_titlebar_globals(); } diff --git a/alpine/imap.c b/alpine/imap.c index d547ee6e..f8f2133c 100644 --- a/alpine/imap.c +++ b/alpine/imap.c @@ -116,9 +116,7 @@ int preserve_prompt(char *); int preserve_prompt_auth(char *, char *authtype); void update_passfile_hostlist(char *, char *, STRLIST_S *, int); void update_passfile_hostlist_auth(char *, char *, STRLIST_S *, int, char *); -void free_passfile_cache_work(MMLOGIN_S **); -static MMLOGIN_S *passfile_cache = NULL; static int using_passfile = -1; int save_password = 1; #endif /* LOCAL_PASSWD_CACHE */ @@ -875,6 +873,7 @@ mm_login_oauth2(NETMBX *mb, char *user, char *method, } } } + if (x) free_xoauth2_info(&x); /* else use the one we found earlier, the user has to configure this better */ } 
@@ -902,6 +901,9 @@ mm_login_oauth2(NETMBX *mb, char *user, char *method, mail_parameters(NULL, SET_IDPARAMS, (void *) ps_global->id); } + if(registered) + oa2list->param[OA2_State].value = login->param[OA2_State].value; + /* * We check if we have a refresh token saved somewhere, if so * we use it to get a new access token, otherwise we need to @@ -1063,6 +1065,7 @@ mm_login_oauth2(NETMBX *mb, char *user, char *method, oa2list->cancel_refresh_token = login->cancel_refresh_token; *login = *oa2list; /* load login pointer */ } + if(token) fs_give((void **) &token); if(!ChangeAccessToken && !ChangeRefreshToken && !login->cancel_refresh_token) return; @@ -1071,7 +1074,6 @@ mm_login_oauth2(NETMBX *mb, char *user, char *method, * RefreshToken \001 LastAccessToken \001 ExpirationTime * (spaces added for clarity, \001 is PWDAUTHSEP) */ - if(token) fs_give((void **) &token); sprintf(tmp, "%lu", SaveExpirationTime); tmp[sizeof(tmp) - 1] = '\0'; len = strlen(SaveRefreshToken ? SaveRefreshToken : "") @@ -3943,33 +3945,12 @@ get_passfile_passwd_auth(pinerc, passwd, user, hostlist, altflag, authtype) char *authtype; { dprint((10, "get_passfile_passwd_auth\n")); - return((passfile_cache || read_passfile(pinerc, &passfile_cache)) - ? imap_get_passwd_auth(passfile_cache, passwd, + return((mm_login_list || read_passfile(pinerc, &mm_login_list)) + ? imap_get_passwd_auth(mm_login_list, passwd, user, hostlist, altflag, authtype) : 0); } -void -free_passfile_cache_work(MMLOGIN_S **pwdcache) -{ - if(pwdcache == NULL || *pwdcache == NULL) - return; - - if((*pwdcache)->user) fs_give((void **)&(*pwdcache)->user); -// if((*pwdcache)->passwd) fs_give((void **)&(*pwdcache)->passwd); - if((*pwdcache)->hosts) free_strlist(&(*pwdcache)->hosts); - free_passfile_cache_work(&(*pwdcache)->next); - fs_give((void **)pwdcache); -} - - -void -free_passfile_cache(void) -{ - if(passfile_cache) - free_passfile_cache_work(&passfile_cache); -} - int is_using_passfile(void) { 
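Review bot: In the `@@ -902` hunk of mm_login_oauth2, `oa2list->param[OA2_State].value = login->param[OA2_State].value;` makes two structures share one heap pointer without saying which of them owns it. The c-client hunks of this commit add `fs_give` on `oauth2.param[OA2_State].value`, so if `oa2list` outlives the call (it looks like an entry of a longer-lived list, which these hunks do not show) it is left holding a freed pointer. Consider dropping the alias once `*login = *oa2list;` has run, e.g. `oa2list->param[OA2_State].value = NULL;`, and documenting the rule with a comment such as `/* State belongs to login; oa2list only carries it across the struct copy */`. The function body starts and ends outside the hunk.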
@@ -3985,8 +3966,8 @@ get_passfile_user(pinerc, hostlist) char *pinerc; STRLIST_S *hostlist; { - return((passfile_cache || read_passfile(pinerc, &passfile_cache)) - ? imap_get_user(passfile_cache, hostlist) + return((mm_login_list || read_passfile(pinerc, &mm_login_list)) + ? imap_get_user(mm_login_list, hostlist) : NULL); } @@ -4216,9 +4197,9 @@ set_passfile_passwd_auth(pinerc, passwd, user, hostlist, altflag, already_prompt if(((already_prompted == 0 && preserve_prompt_auth(pinerc, authtype)) || already_prompted == 1) && !ps_global->nowrite_password_cache - && (passfile_cache || read_passfile(pinerc, &passfile_cache))){ - imap_set_passwd_auth(&passfile_cache, passwd, user, hostlist, altflag, 0, 0, authtype); - write_passfile(pinerc, passfile_cache); + && (mm_login_list || read_passfile(pinerc, &mm_login_list))){ + imap_set_passwd_auth(&mm_login_list, passwd, user, hostlist, altflag, 0, 0, authtype); + write_passfile(pinerc, mm_login_list); } } @@ -4255,7 +4236,7 @@ update_passfile_hostlist_auth(pinerc, user, hostlist, altflag, authtype) size_t len = authtype ? strlen(authtype) : 0; size_t offset = authtype ? 1 : 0; - for(l = passfile_cache; l; l = l->next) + for(l = mm_login_list; l; l = l->next) if(imap_same_host_auth(l->hosts, hostlist, authtype) && *user && !strcmp(user, l->user + len + offset) @@ -4267,7 +4248,7 @@ update_passfile_hostlist_auth(pinerc, user, hostlist, altflag, authtype) && hostlist->next->name && !ps_global->nowrite_password_cache){ l->hosts->next = new_strlist_auth(hostlist->next->name, authtype, PWDAUTHSEP); - write_passfile(pinerc, passfile_cache); + write_passfile(pinerc, mm_login_list); } #endif /* !WINCRED */ } diff --git a/alpine/imap.h b/alpine/imap.h index 9104ffff..5e1b7703 100644 --- a/alpine/imap.h +++ b/alpine/imap.h 
@@ -44,7 +44,6 @@ int is_using_passfile(void); void set_passfile_passwd(char *, char *, char *, STRLIST_S *, int, int); void set_passfile_passwd_auth(char *, char *, char *, STRLIST_S *, int, int, char *); char *get_passfile_user(char *, STRLIST_S *); -void free_passfile_cache(void); #endif /* LOCAL_PASSWD_CACHE */ #if (WINCRED > 0) diff --git a/alpine/xoauth2conf.c b/alpine/xoauth2conf.c index 8c20005b..3cc1fc51 100644 --- a/alpine/xoauth2conf.c +++ b/alpine/xoauth2conf.c @@ -263,7 +263,7 @@ xoauth_info_choice(XOAUTH2_INFO_S **xinfo, char *user) XOAUTH2_INFO_S * oauth2_get_client_info(unsigned char *name, char *user) { - int i, j, matches; + int i, j, matches, len; char **lval; XOAUTH2_INFO_S *x, **xinfo; @@ -306,8 +306,9 @@ oauth2_get_client_info(unsigned char *name, char *user) /* if after removing the duplicate entries, we only have one, use it */ if(matches == 1){ x = copy_xoauth2_info(xinfo[0]); - free_xoauth2_info(&xinfo[0]); - fs_give((void **) xinfo); + for(i = 0; xinfo[i] != NULL; i++) + free_xoauth2_info(&xinfo[i]); + fs_give((void **) &xinfo); return x; } @@ -328,7 +329,7 @@ oauth2_get_client_info(unsigned char *name, char *user) if(matches == 1){ for(i = 0; xinfo[i] != NULL; i++) free_xoauth2_info(&xinfo[i]); - fs_give((void **) xinfo); + fs_give((void **) &xinfo); return x; } @@ -338,7 +339,7 @@ oauth2_get_client_info(unsigned char *name, char *user) x = xoauth_info_choice(xinfo, user); for(i = 0; xinfo[i] != NULL; i++) free_xoauth2_info(&xinfo[i]); - fs_give((void **) xinfo); + fs_give((void **) &xinfo); /* Once the user chose a client-id, save it so we do not ask again */ if(x != NULL){ diff --git a/alpine/xoauth2info.c b/alpine/xoauth2info.c index 8a518f47..6862dd33 100644 --- a/alpine/xoauth2info.c +++ b/alpine/xoauth2info.c 
@@ -223,3 +223,16 @@ OAUTH2_S alpine_oauth2_list[] = { 0 /* flags */ } }; + + +void +xoauth_free_info(void) +{ + int i; + for(i = 0; alpine_oauth2_list[i].name != NULL ; i++){ + if(alpine_oauth2_list[i].param[OA2_RefreshToken].value) + fs_give((void **) &alpine_oauth2_list[i].param[OA2_RefreshToken].value); + if(alpine_oauth2_list[i].access_token) + fs_give((void **) &alpine_oauth2_list[i].access_token); + } +} diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c index e05a5007..d6dca992 100644 --- a/imap/src/c-client/auth_bea.c +++ b/imap/src/c-client/auth_bea.c @@ -155,5 +155,8 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value); if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value); if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value); + if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value); + if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value); + if(oauth2.access_token) fs_give((void **) &oauth2.access_token); return ret; } diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c index 7fb30542..2f52c4f2 100644 --- a/imap/src/c-client/auth_oa2.c +++ b/imap/src/c-client/auth_oa2.c 
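Review bot: xoauth_free_info() frees `param[OA2_RefreshToken].value` and `access_token` of every alpine_oauth2_list entry, while the auth_bea.c, auth_oa2.c and oauth2_aux.c hunks of this commit free the same two fields of the caller's `oauth2` structure. mm_login_oauth2 fills that structure with a shallow `*login = *oa2list;`, so if `oa2list` points into alpine_oauth2_list (not visible in these hunks) both sides release one allocation and this exit-time pass becomes a double free. Either give the caller its own copies (`cpystr`) or clear the list entry's pointers when ownership moves. State the rule in a header comment on the function, e.g. `/* Release tokens still owned by alpine_oauth2_list; call once at exit. */`.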
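Review bot: The `fs_give` calls added at the end of auth_oauthbearer_client release the refresh token and the access token (next to the client secret already freed above them) without clearing the bytes first, so the credentials remain readable in freed heap memory and in any core dump. Assuming these are NUL-terminated strings, wipe each one before releasing it, e.g. `memset(oauth2.access_token, 0, strlen(oauth2.access_token));` ahead of its `fs_give`. A small helper built on a wipe the compiler cannot elide (`explicit_bzero` or `OPENSSL_cleanse`, where available) would be preferable. The same applies to the matching lines added in auth_oa2.c and at the end of renew_accesstoken in oauth2_aux.c. The function body starts outside the hunk.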
@@ -174,5 +174,8 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value); if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value); if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value); + if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value); + if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value); + if(oauth2.access_token) fs_give((void **) &oauth2.access_token); return ret; } diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c index f3e14fe3..730201c2 100644 --- a/imap/src/c-client/mail.c +++ b/imap/src/c-client/mail.c @@ -1440,6 +1440,7 @@ MAILSTREAM *mail_close_full (MAILSTREAM *stream,long options) if (stream->dtb) (*stream->dtb->close) (stream,options); stream->dtb = NIL; /* resign driver */ if (stream->mailbox) fs_give ((void **) &stream->mailbox); + if (stream->auth.name) fs_give ((void **) &stream->auth.name); if (stream->original_mailbox) fs_give ((void **) &stream->original_mailbox); if (stream->snarf.name) fs_give ((void **) &stream->snarf.name); diff --git a/imap/src/c-client/oauth2_aux.c b/imap/src/c-client/oauth2_aux.c index 4ab538c7..5af94992 100644 --- a/imap/src/c-client/oauth2_aux.c +++ b/imap/src/c-client/oauth2_aux.c @@ -425,8 +425,7 @@ void renew_accesstoken(MAILSTREAM *stream) user[0] = '\0'; mm_login_method (&mb, user, (void *) &oauth2, trial, stream->auth.name); - if(oauth2.param[OA2_State].value) - fs_give((void **) &oauth2.param[OA2_State].value); + oauth2.param[OA2_State].value = NIL; /* this is freed before we get here */ if(stream->auth.expiration == 0){ stream->auth.expiration = oauth2.expiration; 
@@ -447,4 +446,7 @@ void renew_accesstoken(MAILSTREAM *stream) if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value); if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value); if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value); + if(oauth2.param[OA2_State].value) fs_give((void **) &oauth2.param[OA2_State].value); + if(oauth2.param[OA2_RefreshToken].value) fs_give((void **) &oauth2.param[OA2_RefreshToken].value); + if(oauth2.access_token) fs_give((void **) &oauth2.access_token); } diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c index b43842df..9d0124ff 100644 --- a/imap/src/osdep/unix/ssl_unix.c +++ b/imap/src/osdep/unix/ssl_unix.c @@ -468,16 +468,18 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) if (SSL_write (stream->con,"",0) < 0) return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; /* need to validate host names? */ + cert = SSL_get_peer_certificate (stream->con); if (!(flags & NET_NOVALIDATECERT) && - (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), - host))) { + (err = ssl_validate_cert (cert, host))) { /* application callback */ X509_NAME_oneline (X509_get_subject_name(cert), buf, sizeof(buf)); if (scq) return (*scq) (err,host,cert ? buf : "???") ? NIL : ""; /* error message to return via mm_log() */ sprintf (tmp,"*%.128s: %.255s",err,cert ? buf : "???"); + X509_free(cert); return ssl_last_error = cpystr (tmp); } + X509_free(cert); return NIL; } @@ -520,7 +522,7 @@ static char *ssl_validate_cert (X509 *cert,char *host) { int i,j,n, m = 0; char *s=NULL,*t,*ret = NIL; - void *ext; + void *ext = NIL; GENERAL_NAME *name; X509_NAME *cname; X509_NAME_ENTRY *e; 
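Review bot: In ssl_start_work, the certificate obtained by the new `cert = SSL_get_peer_certificate (stream->con);` is not released on the `if (scq) return ...` path, which returns before either `X509_free(cert)`. Capture the callback result first: `if (scq) { char *r = (*scq) (err,host,cert ? buf : "???") ? NIL : ""; X509_free (cert); return r; }`. Separately, the context line `X509_NAME_oneline (X509_get_subject_name(cert), buf, sizeof(buf));` runs before the `cert ? buf : "???"` checks, so a missing peer certificate appears to reach X509_get_subject_name as a null pointer. Guarding that call with `if (cert)` would match the later checks. The function starts outside the hunk.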
@@ -546,6 +548,7 @@ static char *ssl_validate_cert (X509 *cert,char *host) if ((name = sk_GENERAL_NAME_value (ext,i)) && (name->type = GEN_DNS) && (s = name->d.ia5->data) && ssl_compare_hostnames (host,s)) ret = NIL; + if(ext) GENERAL_NAMES_free(ext); } #endif /* OPENSSL_1_1_0 */ /* Method 2, use cname */ @@ -569,6 +572,7 @@ static char *ssl_validate_cert (X509 *cert,char *host) if ((name = sk_GENERAL_NAME_value (ext,i)) && (name->type = GEN_DNS) && (s = name->d.ia5->data) && ssl_compare_hostnames (host,s)) ret = NIL; + if(ext) GENERAL_NAMES_free(ext); } } } diff --git a/pith/imap.c b/pith/imap.c index fb7c3972..f91937b1 100644 --- a/pith/imap.c +++ b/pith/imap.c @@ -1125,6 +1125,10 @@ imap_flush_passwd_cache(int dumpcache) if(l->user) fs_give((void **) &l->user); + if(!(l->passwd >= (char *) private_store + && l->passwd <= p)) + fs_give((void **) &l->passwd); + free_strlist(&l->hosts); fs_give((void **) &l); @@ -1134,6 +1138,9 @@ imap_flush_passwd_cache(int dumpcache) cert_failure_list = cert_failure_list->next; if(l->user) fs_give((void **) &l->user); + if(!(l->passwd >= (char *) private_store + && l->passwd <= p)) + fs_give((void **) &l->passwd); free_strlist(&l->hosts); diff --git a/pith/pine.hlp b/pith/pine.hlp index 3f57c965..2faba34f 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 578 2021-08-21 15:09:38 +Alpine Commit 579 2021-08-23 21:16:41 ============= h_news ================= <HTML> <HEAD> |
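Review bot: The condition on the unchanged lines of this ssl_validate_cert hunk reads `(name->type = GEN_DNS)`, an assignment, so every subjectAltName entry is treated as a DNS name whatever its real type, and `name->d.ia5` is read from entries that may hold a different union member. For hostname verification this should be a comparison, `(name->type == GEN_DNS)`; the same line appears in the `@@ -569` hunk. It is also worth confirming that `s`, which points into `ext`, is not read after the new `GENERAL_NAMES_free(ext)`. The rest of the function lies outside the hunk.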
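Review bot: In the pith/imap.c `@@ -1125` hunk, the new `fs_give((void **) &l->passwd)` is also reached when `l->passwd` is NULL, unlike the guarded `if(l->user)` just above it. In practice the range test fails for a null pointer, so the negation succeeds and the call relies on fs_give accepting a pointer to NULL. The password is also freed without being cleared. Suggest `if(l->passwd && !(l->passwd >= (char *) private_store && l->passwd <= p)){ memset(l->passwd, 0, strlen(l->passwd)); fs_give((void **) &l->passwd); }`, ideally using a wipe the compiler cannot drop. The same block is added in the `@@ -1134` hunk for cert_failure_list. imap_flush_passwd_cache starts and ends outside the hunk.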