Opened 13 years ago
Closed 13 years ago
#61 closed defect (invalid)
IMAP PROXY - 64bit - an incorrect login username reaches the destination server
| Reported by: | www.google.com/accounts/o8/id?id=AItOawlepElWkquQHoeFRD0APkXWy1ALz-VeTR4 | Owned by: | somebody |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.0.x |
| Keywords: | imap, mail | Cc: | lahavs@… |
| uname -a: |
[root@lb-1 ~]# uname -a
Linux x.y.z.co 2.6.21.7-2.fc8xen #1 SMP Fri Feb 15 12:39:36 EST 2008 i686 i686 i386 GNU/Linux (It's CentOS release 5.7 (Final)) |
||
| nginx -V: |
[root@lb-1 ~]# /usr/local/nginx/sbin/nginx -V
nginx: nginx version: nginx/1.0.10 nginx: built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51) nginx: TLS SNI support disabled nginx: configure arguments: --with-mail --with-mail_ssl_module |
||
Description
Steps to reproduce:
- set up an IMAP proxy server
- connect to the server and do a LOGIN
Result:
- the IMAP "LOGIN" request reaches the destination server, but modified as follows:
Instead of
"A1 LOGIN georgianai pass\r\n"
We get
"A1 LOGIN {10}\r\n"
(between the brackets it's the length of the username)
nginx.conf:
[...]
mail {
auth_http mac:80/nginx-auth/mail-auth.php ;
imap_capabilities "IMAP4rev1" "UIDPLUS";
server {
listen 143;
listen 1430;
protocol imap;
proxy on;
}
}
This is the mail-auth.php script response (the username looks ok):
HTTP/1.1 200 OK
Server: nginx/1.0.8
Date: Mon, 28 Nov 2011 05:45:13 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.1.6
Auth-Status: OK
Auth-Server: 10.48.177.131
Auth-Port: 1430
Auth-User: georgianai
Auth-Pass: geopass
Kind regards,
Georgiana Iancu
Software Engineer at Emindsys LTD.
Note:
See TracTickets
for help on using tickets.
This is literal form of string, see http://tools.ietf.org/html/rfc3501#section-4.3.