Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.3.8

Bug #2175 login() which uses DIGEST-MD5 always returns true.
Submitted: 2004-08-20 07:15 UTC Modified: 2007-02-12 15:43 UTC
From: kmizuno9999 at yahoo dot co dot jp Assigned: damian
Status: No Feedback Package: Net_POP3
PHP Version: 4.3.7 OS: Windows XP
Roadmaps: (Not assigned)    
Subscription  


 [2004-08-20 07:15 UTC] kmizuno9999 at yahoo dot co dot jp
Description: ------------ The login() method which uses DIGEST-MD5 regardless of server response returns true. This situation is caused when the client sends invalid user or password. The version number is 1.3.2 When mailserver returned "ERR" response, the method should return "false". in _authDigest_MD5() ------------------------------------------------------------ if ( PEAR::isError($error = $this->_send( $auth_str ) ) ) { return $error; } /**** here ****/ if ( PEAR::isError( $challenge = $this->_recvLn() ) ) { <-- it doesn't check server response. /**** here ****/ return $challenge; } /* * We don't use the protocol's third step because POP3 doesn't allow * subsequent authentication, so we just silently ignore it. */ if ( PEAR::isError( $challenge = $this->_send("\r\n") ) ) { return $challenge ; } /**** here ****/ if ( PEAR::isError( $challenge = $this->_recvLn() ) ) { <-- it doesn't check server response. /**** here ****/ return $challenge; } return true; ------------------------------------------------------------

Comments

 [2004-09-15 20:22 UTC] damian
Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PEAR better. Please try it now