66 lines
2.9 KiB
Plaintext
66 lines
2.9 KiB
Plaintext
MBOX-Line: From mrc+imap at panda.com Fri Mar 11 21:54:13 2011
|
|
To: imap-protocol@u.washington.edu
|
|
From: Mark Crispin <mrc+imap@panda.com>
|
|
Date: Fri Jun 8 12:34:45 2018
|
|
Subject: [Imap-protocol] Re: RFC 2971 (ID) mandatory in Android phones?
|
|
In-Reply-To: <AANLkTimNfBd41FoUDjXwbrONj6g9fJtHhZgJ5z8MV1=y@mail.gmail.com>
|
|
References: <AANLkTimNfBd41FoUDjXwbrONj6g9fJtHhZgJ5z8MV1=y@mail.gmail.com>
|
|
Message-ID: <alpine.OSX.2.00.1103112149290.10464@hsinghsing.panda.com>
|
|
|
|
Thank you for confirming that this problem is fixed.
|
|
|
|
Further investigation determined that the disconnection session was by the
|
|
server. That particular server considers any invalid command prior to
|
|
authentication to be part of a possible fuzzing attack, and always
|
|
disconnects. Since it wasn't known how long it would be before this
|
|
problem is fixed in Android, the server was subsequently changed to allow
|
|
some number of invalid pre-authentication commands before disconnecting.
|
|
|
|
On Fri, 11 Mar 2011, Brandon Long wrote:
|
|
>> I have just received a frightening report that says that the mail client
|
|
>> in Android phones sends an ID command to an IMAP server that does not
|
|
>> advertise the ID extension, and disconnects the session when the IMAP
|
|
>> server returns BAD as the response.
|
|
>>
|
|
>> I can NOT duplicate this problem on my Android phone, an old T-Mobile
|
|
>> myTouch 3G. However, as its OS is 2 or so years old, it's possible that
|
|
>> this is a bug in newer versions.
|
|
>>
|
|
>> The client reported to do this sends the following ID command:
|
|
>>
|
|
>> 2 ID ("name" "com.android.email" "os" "android" "os-version" "2.2; FROYO" "vendor" "samsung" "x-android-device-model" "GT-P1000" "x-android-mobile-net-operator" "Vodafone CZ" "AGUID" "F26+FjerfVzQ1lSlxFmbV/Yw0ak=")
|
|
>>
|
|
>> Is this true?
|
|
>
|
|
> The Android Email client is part of the open source release.
|
|
> GT-P1000 appears to the GSM version of the Galaxy Tab. This is not
|
|
> running stock Android, but Samsung's own interface, which may be using
|
|
> a modified version of the Email client or something entirely written
|
|
> in-house.
|
|
>
|
|
> The source code is published here:
|
|
> http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=summary
|
|
>
|
|
> Ahh, apparently the answer is yes:
|
|
>
|
|
> http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=commit;h=275b89d96949de6544c7bca999e241f659cf18b3
|
|
>
|
|
> fixes the bug. I'm not sure if there was a release while it did it
|
|
> before it stopped doing it. I'm not seeing any of the requests in our
|
|
> logs, but could be missing it, or people are more likely to use the
|
|
> gmail app for gmail than the email app.
|
|
>
|
|
> Brandon
|
|
> _______________________________________________
|
|
> Imap-protocol mailing list
|
|
> Imap-protocol@u.washington.edu
|
|
> http://mailman2.u.washington.edu/mailman/listinfo/imap-protocol
|
|
>
|
|
|
|
-- Mark --
|
|
|
|
http://panda.com/mrc
|
|
Democracy is two wolves and a sheep deciding what to eat for lunch.
|
|
Liberty is a well-armed sheep contesting the vote.
|
|
|