On Fri, Aug 04, 2017 at 06:16:53PM +0200, Nicolas Morey-Chaisemartin wrote: > static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *folder) > { > struct credential cred = CREDENTIAL_INIT; > @@ -1090,7 +1116,7 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *f > if (!srvc->user) > srvc->user = xstrdup(cred.username); > if (!srvc->pass) > - srvc->pass = xstrdup(cred.password); > + srvc->pass = imap_escape_password(cred.password); > } > > if (srvc->auth_method) { I'm not sure if this is correct. It looks like this username and password are used by whatever authentication method we use, whether that's LOGIN or CRAM-MD5. I don't think we'd want to encode the password here before sending it through the CRAM-MD5 authenticator. -- brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature