First, teapop fails to authentificate user if he logs in without
specifying his domain (pop_auth calls pop_string_find and tests its
result against being NULL, while NULL is returned only upon malloc()
failures. On empty domain logins pop_string_find returns empty
string). This makes APOP login method to always fail as teapop
erroneously interprets command APOP avn
d41d8cd98f00b204e9800998ecf8427e as an attempt of login for user
avn@d41d8cd98f00b204e9800998ecf8427e without supplying MD5 hash
value. Instead, return value should be tested against being empty
string, while positive test for NULL should cause pop3 server error
message to be printed.
Second, if configured with WITHOUT_APOP arguments to 'make install',
teapop incorrectly handles QUIT command while in authentification
state. It's because a part of switch statement became commented out
and there will be no branch for return value from
pop_wait_for_commands with command "QUIT" (it will return 3, not 4
when configured without APOP).
PR: 26181
Submitted by: Alexey V. Neyman <avn@any.ru>
prevents evilness which would cause teapop.passwd to be overwritten when
installing a newer version of the port.
Submitted by: Tobias Reifenberger <treif@mayn.de>