Re: [RFC] imap-send: escape backslash in password




On Fri, Aug 04, 2017 at 09:46:49PM +0200, Andreas Schwab wrote:

> > For example, RFC3501 "9. Formal Syntax" says that both "password"
> > and "userid" are "astring"; it looks strange that the code with this
> > patch only touches cred.password while sending cred.username as-is.
> 
> astring         = ... / string
> string          = quoted / ...
> quoted          = DQUOTE *QUOTED-CHAR DQUOTE
> QUOTED-CHAR     = <any TEXT-CHAR except quoted-specials> /
>                   "\" quoted-specials
> quoted-specials = DQUOTE / "\"
> 
> Thus the quoting applies to any element that is a string (and a double
> quote needs to be quoted as well).

It's been a long time since I've done anything with IMAP, but I think
another alternative would be to send it as a "literal", like:

  {6}
  foobar

That's relatively easy to format correctly using the current printf
specifiers that imap_exec() takes. Though as I said elsewhere in the
thread, perhaps imap_exec() should provide a different interface.

I also think it might be reasonable to scrap all of this ad-hoc imap
code in favor of curl, which already gets these cases right. We already
have a curl-backed implementation. I think we just left the old code out
of conservatism. But it seems somewhat buggy and unmaintained, and I
wonder if we aren't better off to simply encourage people to install
curl.

-Peff
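
The two encodings discussed in this message, as an added example (not code from git or from anyone in the thread): a quoted-string encoder that follows the RFC 3501 grammar quoted above and rejects values that cannot be quoted, plus the `{N}` literal header. The names `imap_quote`, `imap_literal_header` and `imap_login_cmd` and the sample credentials are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not git's API. Encode src as an RFC 3501 "quoted"
 * string. Returns the length, or -1 if src has bytes that are not TEXT-CHAR
 * (CR, LF, 8-bit) or dst is too small. */
int imap_quote(char *dst, size_t dstlen, const char *src)
{
	size_t n = 0;
	if (dstlen < 3)
		return -1;
	dst[n++] = '"';
	for (; *src; src++) {
		unsigned char c = (unsigned char)*src;
		/* worst case still to write: escape, char, closing quote, NUL */
		if (c == '\r' || c == '\n' || c > 0x7f || n + 4 > dstlen)
			return -1;
		if (c == '"' || c == '\\')
			dst[n++] = '\\';	/* quoted-specials get a backslash */
		dst[n++] = (char)c;
	}
	dst[n++] = '"';
	dst[n] = '\0';
	return (int)n;
}

/* Literal header "{N}" CRLF; the N raw octets are sent after it. */
int imap_literal_header(char *dst, size_t dstlen, const char *src)
{
	int n = snprintf(dst, dstlen, "{%zu}\r\n", strlen(src));
	return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

/* LOGIN with both astring arguments quoted; -1 means use literals instead. */
int imap_login_cmd(char *dst, size_t dstlen, const char *user, const char *pass)
{
	char u[256], p[256];
	int n;
	if (imap_quote(u, sizeof(u), user) < 0 || imap_quote(p, sizeof(p), pass) < 0)
		return -1;
	n = snprintf(dst, dstlen, "LOGIN %s %s\r\n", u, p);
	return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

int main(void)
{
	char buf[600];	/* constructed sample credentials below */
	if (imap_login_cmd(buf, sizeof(buf), "alice", "pa\\ss\"word") > 0)
		fputs(buf, stdout);
	return 0;
}
```

With a plain `{N}` literal the client waits for the server's `+` continuation response before sending the N octets, so the header and the data are separate writes.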