LupusNobilis/sogo
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

(fix) prevent using localhost on additional IMAP accounts

Browse source
This commit is contained in:
Ludovic Marcotte 2016-12-05 14:51:33 -05:00
parent ffd69337f6
commit 68ddcd7045
1 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
SoObjects/Mailer/SOGoMailBaseObject.m
View file

@ -132,10 +132,23 @@
- (NGImap4Connection *) _createIMAP4Connection - (NGImap4Connection *) _createIMAP4Connection
{ {
NGImap4ConnectionManager *manager; NGImap4ConnectionManager *manager;
NSString *password;
NGImap4Connection *newConnection; NGImap4Connection *newConnection;
NSString *password;
NSHost *host;
[self imap4URL]; [self imap4URL];
// We first check if we're trying to establish an IMAP connection to localhost
// for an account number greater than 0 (default account). We prevent that
// for security reasons if admins use an IMAP trust.
host = [NSHost hostWithName: [[self imap4URL] host]];
if (![[[self mailAccountFolder] nameInContainer] isEqualToString: @"0"] &&
[[host address] isEqualToString: @"127.0.0.1"])
{
[self errorWithFormat: @"Trying to use localhost for additional IMAP account - aborting."];
return nil;
}
manager = [self mailManager]; manager = [self mailManager];
password = [self imap4PasswordRenewed: NO]; password = [self imap4PasswordRenewed: NO];
if (password) if (password)
@ -212,8 +225,8 @@
if (!imap4) if (!imap4)
{ {
imap4 = [self _createIMAP4Connection]; imap4 = [self _createIMAP4Connection];
[sogoCache registerIMAP4Connection: imap4 [sogoCache registerIMAP4Connection: imap4
forKey: cacheKey]; forKey: cacheKey];
} }
[imap4 retain]; [imap4 retain];
} }