[Kde-pim] [PATCH] kioslaves/sieve: fix small managesieve protocol violations

Stephan Bosch stephan at rename-it.nl
Sat Aug 4 12:35:01 BST 2007 

Hello,

I'm developing a managesieve server for the dovecot project 
(www.dovecot.org) and some of my users reported problems when using 
KMail as a client. I decided to investigate the problem myself and this 
resulted in a very small patch against the kioslaves/sieve implementation.

The problems were the following:

* When using TLS they could not login.
* Retrieving scripts from the server always failed with a protocol error 
report

Both problems were caused by deviations from the draft protocol 
specification. The specification states that after a successful STARTTLS 
the _server_ must reissue a capability response (as explained more 
clearly in version 07 of the specification). The current kioslave 
implementation sends a CAPABILITY command directly after TLS 
negotiation, which is unnecessary but in itself not a protocol 
violation. However, it does not expect the unsolicited capability 
listing from the server and aborts the login with an error. I reset the 
flag that causes an explicit CAPABILITY command to be sent and all is well.

The second problem is caused by erroneous parsing of literal strings. 
The length specification is required to include a '+' character before 
the '}'. The kioslave implentation forgets this and failes to parse the 
contained integer. This was reported last year already in bug 122870 
(http://bugs.kde.org/show_bug.cgi?id=122870), but thus far this remained 
unconfirmed and unresolved.  I am not sure what timsieved currrently 
does, so you might  want to adapt the patch to allow both situations for 
the time being.

When these issues were resolved, I continued testing KMail myself and I 
found another protocol-related problem. The managesieve server can 
choose to send either quoted or literal strings for any kind of 
response. The current kioslave implementation often makes assumptions on 
what type of string is going to be received, especially when handling 
errors. My server only sends literals when multi-line strings need to be 
sent, so a simple one-line error is sent as a quoted string. For 
instance, when an error occurs for the PUTSCRIPT command it is only 
reported to the user when the server presents it as a literal string. 
Otherwise a generic failure message is shown and the user is none the 
wiser. This patch only resolves this issue for the putscript command, 
because fixing this in all situations would make this simple patch way 
too invasive.

This patch was made and tested against kdepim-3.5.6, but also applies 
cleanly to 3.5.7 since almost nothing changed in the kioslaves/sieve 
code between those releases. The patch can be downloaded at:

http://sinas.rename-it.nl/~sirius/kdepim_sieve_patch.diff

I hope you are willing to resolve these issues by merging my patch or 
something equivalent in future releases.

Regards,

--
Stephan Bosch
stephan at rename-it.nl






_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/

More information about the kde-pim mailing list