LupusNobilis/sogo
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

(fix) prevent using localhost on additional IMAP accounts

Browse source
This commit is contained in:
Ludovic Marcotte 2016-12-05 14:51:33 -05:00
parent ffd69337f6
commit 68ddcd7045
1 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
SoObjects/Mailer/SOGoMailBaseObject.m
View file

@ -132,10 +132,23 @@
- (NGImap4Connection *) _createIMAP4Connection
{
NGImap4ConnectionManager *manager;
NSString *password;
NGImap4Connection *newConnection;
NSString *password;
NSHost *host;
[self imap4URL];
// We first check if we're trying to establish an IMAP connection to localhost
// for an account number greater than 0 (default account). We prevent that
// for security reasons if admins use an IMAP trust.
host = [NSHost hostWithName: [[self imap4URL] host]];
if (![[[self mailAccountFolder] nameInContainer] isEqualToString: @"0"] &&
[[host address] isEqualToString: @"127.0.0.1"])
{
[self errorWithFormat: @"Trying to use localhost for additional IMAP account - aborting."];
return nil;
}
manager = [self mailManager];
password = [self imap4PasswordRenewed: NO];
if (password)