Sunil Shetye <shetye(_at_)bombay(_dot_)retortsoft(_dot_)com>:
The attached patch fixes the following problems:
* idletimeout is never reset to 0. This causes PS_IDLETIMEOUT to be
returned instead of PS_SOCKET.
* oversize messages are inadvertently deleted when both --limit and
--flush are used.
* suppress_readbody should be set to TRUE only if
- we see the message delimiter line before the header delimiter line
- the protocol allows the body to be fetched separately (IMAP).
In particular, it should not be set to TRUE for POP3 if the message
has been retained or refused and the message delimiter is not seen
* peek_capable and expunge_period are not set properly in some
authentication methods (gsappi and kerberos).
* STARTTLS is tried after trying some of the authentication methods
(gsappi and kerberos). It should be done first.
* the POP3 authentication method flags should be reset.
* the return value of capa_probe should be used.
* if suppress_readbody is TRUE, suppress_forward is FALSE, and the
body of the mail is big, the smtp server times out causing the whole
POP3 transaction to be aborted.
* if mail from <> is refused by the smtp server, fetchmail does not
delete the mail.
* fetchmail does not accept <> as a valid from address. It should.
* some strings are not being correctly NUL terminated.
* SSL_connect() returns any number less than 1 for error conditions.
* has_nuls is not correctly set on finding a line with NUL. Currently,
it is set only if the last header line has NULs.
* the header line is not correctly copied to msgblk! memcpy() instead
of strcpy() should be used to copy a line using linelen instead of
strlen(). Otherwise, line with NULs are not copied correctly.
* return value of realloc() is not checked.
* if the idfile has a line with space and without '@', fetchmail
Sorry, it took me a while to audit this. Good work!
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>