Package: dovecot
Version: 0.99.13-3
Severity: normal
Tags: security, patch

I posted this to the Dovecot mailing list a couple of days ago. Most people
probably don't run Dovecot from inetd, but I still think it needs to be fixed
one way or another. After all, it's a bug.

--

When running dovecot from inetd (as per the instructions on
http://wiki.dovecot.org/InetdInstall), imap-login and pop3-login think that
TLS is enabled when in fact it isn't (we're connecting to port 110 and port
143, so the --ssl parameter isn't present). "-ERR TLS is already active.",
pop3-login says, for example.

The reason for that is found in login-common/main.c:main():

>    if (fd != -1)
>        (void)client_create(fd, &ip, TRUE);

I added a flag which I set when ssl_proxy_new() is successfully called (see
the following diff) and it seems to work fine. Is there any reason it
shouldn't? What's the reason that the code is the way it is?

-- 
Magnus Holmgren
[EMAIL PROTECTED]

--- src/login-common/main.c     2003-11-08 16:15:42.000000000 +0100
+++ src/login-common/main.c.new 2005-01-15 17:49:53.000000000 +0100
@@ -220,7 +220,7 @@
 {
        const char *name, *group_name;
        struct ip_addr ip;
-       int i, fd = -1, master_fd = -1;
+       int i, fd = -1, master_fd = -1, ssl = FALSE;

        is_inetd = getenv("DOVECOT_MASTER") == NULL;

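Review bot: the new `ssl` flag in the declaration line would read better on its own line with a more specific name, for example `ssl_active`, plus a short comment saying it records whether ssl_proxy_new() wrapped the inetd socket. Appended to the `int i, fd = -1, master_fd = -1` list it looks like one more descriptor. It only ever holds TRUE or FALSE, so if the tree has a boolean typedef, use that rather than plain int.
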
@@ -268,6 +268,7 @@
                                fd = ssl_proxy_new(fd, &ip);
                                if (fd == -1)
                                        i_fatal("SSL initialization failed");
+                               ssl = TRUE;
                        } else if (strncmp(argv[i], "--group=", 8) != 0)
                                i_fatal("Unknown parameter: %s", argv[i]);
                }
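
Review bot: `ssl = TRUE;` after the `if (fd == -1)` check is correct only because i_fatal() does not return, so the flag can never be set on a failed ssl_proxy_new(). Setting it in the same branch that creates the proxy is the right place, but a one-line comment saying so would help: if the fatal is ever softened into a warning, the flag would end up TRUE on a descriptor that is not protected.
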
@@ -277,7 +278,7 @@
        }

        if (fd != -1)
-               (void)client_create(fd, &ip, TRUE);
+               (void)client_create(fd, &ip, ssl);

        io_loop_run(ioloop);
        main_deinit();
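
Review bot: at `client_create(fd, &ip, ssl)` the third argument now depends entirely on `--ssl` having been parsed in the argv loop, so please confirm there is no other way for `fd` to reach this line with TLS already negotiated; any such connection would now be marked as plaintext. The commit message should also record the user-visible symptom (pop3-login answering "-ERR TLS is already active." on port 110 under inetd), because the hard-coded TRUE misreported the connection's protection state and that is what makes this a security-tagged fix.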

