ulysses/routes
nubs 932b7f2446
fix(email): close IMAP socket when connect/login fails (#3174) (#3363)
* fix(email): close IMAP socket when connect/login fails (#3174)

_imap_connect opened a live socket via _open_imap_connection and then
called conn.login() with no try/finally, and _open_imap_connection called
conn.starttls() unguarded. When auth fails (e.g. an Office 365 app password
on an MFA-enabled tenant, #3174) or STARTTLS is rejected, the already-open
socket was orphaned. Every IMAP caller funnels through _imap_connect,
including the 30-minute _auto_summarize_poller, so a persistently
misconfigured account leaked one descriptor per pass toward FD exhaustion.

The previously merged leak fixes (#1325/#1330/#1423/#1530) only guard the
post-connect body and monkeypatch _imap_connect to succeed, so this
connect-time path was uncovered. Wrap login() and starttls() so a failure
calls conn.shutdown() (low-level close; logout() can't run pre-auth) before
re-raising. Adds two regression tests that fail without the guard.

* fix(email): guard MCP IMAP+SMTP connect-time leaks too (#3174)

Folds in the sibling connect-time leaks vdmkenny flagged on #3363, so the
whole connect-then-step leak class is closed in one place:

- mcp_servers/email_server.py::_imap_connect — guard starttls() and login();
  close pre-auth with conn.shutdown() before re-raising.
- mcp_servers/email_server.py::_smtp_connect — guard starttls() and login();
  SMTP has no shutdown(), so close with conn.close() (socket close, no QUIT).

Routes SMTP (_send_smtp_message) is already safe via 'with smtplib.SMTP(...)'.
Adds four regression tests (one per guard), verified to fail without the fix.
2026-06-08 21:21:41 +02:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
admin_wipe_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
api_token_routes.py fix(api-tokens): preserve scopes on a partial token update (#3407) 2026-06-08 19:37:31 +02:00
assistant_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
auth_routes.py fix: avoid double bcrypt on login by using create_session_trusted (#3236) 2026-06-07 15:10:53 +02:00
backup_routes.py fix: restore backup import after skills migration (#2980) 2026-06-06 21:46:32 +01:00
calendar_routes.py fix(notes): handle time-first due_date phrases in parse_due_for_user (#3319) 2026-06-07 19:15:38 +02:00
chat_helpers.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
chat_routes.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
chatgpt_subscription_routes.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
cleanup_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
codex_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
compare_routes.py fix(endpoint): scope secondary endpoint lookups by owner 2026-06-08 11:51:55 +01:00
contacts_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
cookbook_helpers.py fix(platform): Improve WSL SSH remote compatibility (#3316) 2026-06-08 00:33:50 +02:00
cookbook_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
copilot_routes.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
device_flow.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
diagnostics_routes.py Fix email-thread HTML injection, attachment path traversal, and missing authz (#475) 2026-06-01 22:20:17 +09:00
document_helpers.py fix: _resolve_user_upload_path crashes on a non-dict resolve_upload result (#1715) 2026-06-03 13:34:33 +09:00
document_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
editor_draft_routes.py Ignore invalid editor draft payloads (#1533) 2026-06-03 14:07:03 +09:00
email_helpers.py fix(email): close IMAP socket when connect/login fails (#3174) (#3363) 2026-06-08 21:21:41 +02:00
email_pollers.py fix: quote IMAP mailbox arguments (#2170) 2026-06-05 16:00:20 +02:00
email_routes.py docs(email): clarify Outlook password auth failures 2026-06-08 15:32:16 +01:00
embedding_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
emoji_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
font_routes.py Keep compact font family names together (#1263) 2026-06-03 14:24:30 +09:00
gallery_helpers.py fix: gallery records raw instead of display dimensions for EXIF-rotated photos (#1667) 2026-06-03 14:23:04 +09:00
gallery_routes.py fix(endpoint): scope secondary endpoint lookups by owner 2026-06-08 11:51:55 +01:00
history_routes.py fix(sessions): copy message metadata when forking a session (#3409) 2026-06-08 20:49:15 +02:00
hwfit_routes.py Merge remote-tracking branch 'origin/main' into visual-pr-playground 2026-06-03 16:49:10 +09:00
mcp_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
memory_routes.py Scope vision model resolution by owner (#3009) 2026-06-07 12:39:02 +02:00
model_routes.py fix(security): fail closed in /api/models auth gate on unexpected errors (#3489) 2026-06-08 20:23:39 +02:00
note_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
personal_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
prefs_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
preset_routes.py fix(presets): scope expand-prompt model resolution to owner (#3477) 2026-06-08 21:12:02 +02:00
research_routes.py fix(endpoint): scope secondary endpoint lookups by owner 2026-06-08 11:51:55 +01:00
search_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
session_routes.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
shell_routes.py fix(cookbook): don't 500 the packages panel when an optional package crashes on import (#2618) 2026-06-07 18:14:43 +02:00
signature_routes.py Constrain signature uploads to PNG data (#2844) 2026-06-05 13:17:43 +02:00
skills_routes.py fix(presets): scope expand-prompt model resolution to owner (#3477) 2026-06-08 21:12:02 +02:00
stt_routes.py fix(uploads): bound direct upload reads 2026-06-04 00:32:50 +01:00
task_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
tts_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
upload_routes.py Scope vision model resolution by owner (#3009) 2026-06-07 12:39:02 +02:00
vault_routes.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
webhook_routes.py feat: add ChatGPT Subscription provider (#2876) 2026-06-08 10:19:18 +02:00
workspace_routes.py feat: Add workspace: confine agent tools to a folder (#1103) 2026-06-05 00:06:37 +02:00