Commit 02d87190 authored by Fabian Vogt's avatar Fabian Vogt
Browse files

LoginJob: Verify that encryption is established before authentication

In code involving state machines and threads, it's possible that some edge
cases can lead to unintended paths being taken. Make sure that when encryption
is requested that it's completed before authenticating.
parent c7dfcfc8
......@@ -203,7 +203,7 @@ void LoginJob::doStart()
// Check if STARTTLS is supported
d->authState = LoginJobPrivate::PreStartTlsCapability;
d->tags << d->sessionInternal()->sendCommand("CAPABILITY");
} else {
} else if (encryptionMode == Unencrypted) {
if (d->authMode.isEmpty()) {
d->authState = LoginJobPrivate::Login;
qCDebug(KIMAP_LOG) << "sending LOGIN";
......@@ -343,6 +343,14 @@ void LoginJob::handleResponse(const Response &response)
break;
case LoginJobPrivate::Capability:
// If encryption was requested, verify that it's negotiated before logging in
if (d->encryptionMode != Unencrypted && d->sessionInternal()->negotiatedEncryption() == QSsl::UnknownProtocol) {
setError(LoginJob::UserDefinedError);
setErrorText(i18n("Internal error, tried to login before encryption"));
emitResult();
break;
}
// cleartext login, if enabled
if (d->authMode.isEmpty()) {
if (d->plainLoginDisabled) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment