Bug#494886: cyrus-clients-2.2: pop3test doesn't follow RFC - can't test dovecot pop3-server
Heiko Schlittermann
hs at schlittermann.de
Tue Aug 12 21:28:23 UTC 2008
Package: cyrus-clients-2.2
Version: 2.2.13-10
Severity: important
Tags: patch
Hello,
I think I've found a bug in the imtest/pop3test utility.
It's not correctly checking the server response.
Let me explain some details:
I used pop3test to check a dovecot pop3-server:
S: +OK Dovecot ready.
C: CAPA
S: +OK
S: CAPA
S: TOP
S: UIDL
S: RESP-CODES
S: PIPELINING
S: STLS
S: USER
S: SASL PLAIN
S: .
C: USER heiko
S: +OK
Authentication failed. generic failure
Connection closed.
Digging in the imtest.c I found (function auth_pop(void))
the following lines:
    printf("C: USER %s\r\n", username);
    prot_printf(pout,"USER %s\r\n", username);
    prot_flush(pout);

    if (prot_fgets(str, 1024, pin) == NULL) {
        imtest_fatal("prot layer failure");
    }

    printf("S: %s", str);

    if (strncasecmp(str, "+OK ", 4)) return IMTEST_FAIL;
The issue is about the "+OK ". Note the trailing space there, and the
check for 4 characters. Dovecot just sends "+OK\r\n", nothing else.
There's no space following the "+OK".
Reading RFC1939 (section 9):
    Note that with the exception of the STAT, LIST, and UIDL commands,
    the reply given by the POP3 server to any command is significant
    only to "+OK" and "-ERR". Any text occurring after this reply
    may be ignored by the client.
So I'd guess the above test is wrong. (A similar test is done some lines
later checking the response to the "PASS ..." command. And probably even
more often.)
The fix should be just something like this (in vi):
%s/+OK ", 4/+OK", 3/g
in the imtest.c source.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26.2.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages cyrus-clients-2.2 depends on:
ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii libdb4.2 4.2.52+dfsg-2 Berkeley v4.2 Database Libraries [
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries
cyrus-clients-2.2 recommends no packages.
-- no debconf information
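
Added example, not part of the original report and not code from imtest.c: a status check that accepts the bare "+OK" line Dovecot sends and also requires a delimiter after the indicator, so a line such as "+OKAY" is not taken as success (a plain 3-character comparison would accept it). The names old_check_ok, ends_indicator and pop3_classify are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

enum pop3_status { POP3_OK, POP3_ERR, POP3_INVALID };

/* The comparison quoted in the report: needs a space after "+OK". */
static int old_check_ok(const char *line)
{
    return strncasecmp(line, "+OK ", 4) == 0;
}

/* Hypothetical helper: true if c may follow the status indicator. */
static int ends_indicator(char c)
{
    return c == ' ' || c == '\r' || c == '\n' || c == '\0';
}

/* Hypothetical replacement: match the indicator (case-insensitively,
 * like the quoted code), then require a delimiter or end of line.
 * line[n] is safe to read because the first n bytes already matched. */
enum pop3_status pop3_classify(const char *line)
{
    if (strncasecmp(line, "+OK", 3) == 0 && ends_indicator(line[3]))
        return POP3_OK;
    if (strncasecmp(line, "-ERR", 4) == 0 && ends_indicator(line[4]))
        return POP3_ERR;
    return POP3_INVALID;   /* neither indicator: treat as a failure */
}

int main(void)
{
    /* Constructed sample replies; the first matches what Dovecot sent. */
    const char *samples[] = { "+OK\r\n", "+OK Dovecot ready.\r\n",
                              "-ERR\r\n", "+OKAY\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("old=%d new=%d  %s", old_check_ok(samples[i]),
               pop3_classify(samples[i]), samples[i]);
    return 0;
}
```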