Closed
Bug 1491755
Opened 6 years ago
Closed 6 years ago
smtp AUTH PLAIN incomplete utf8 Password
Categories
(MailNews Core :: Networking: SMTP, defect)
Tracking
(thunderbird_esr6062+ fixed, thunderbird63 fixed, thunderbird64 fixed)
RESOLVED
FIXED
Thunderbird 64.0
People
(Reporter: yseckin, Assigned: infofrommozilla)
Details
Attachments
(3 files, 1 obsolete file)
547.42 KB,
image/png
|
Details | |
3.51 KB,
application/x-pcapng
|
Details | |
1.16 KB,
patch
|
jorgk-bmo
:
review+
jorgk-bmo
:
approval-comm-beta+
jorgk-bmo
:
approval-comm-esr60+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 Build ID: 20180912143528 Steps to reproduce: tried to authenticte with the password "1ä2a%00" the last "0" of the password will not transmit. TLS/STARTTLS not active. The Fallback to AUTH LOGIN works. See the Wireshark sniff. Actual results: AUTH PLAIN will not work. Expected results: positive authentication
Attachment #9009538 -
Attachment is obsolete: true
Updated•6 years ago
|
Component: Untriaged → Security
Comment 3•6 years ago
|
||
Perhaps related: bug 1474314.
Component: Security → Networking: SMTP
Product: Thunderbird → MailNews Core
Assignee | ||
Comment 4•6 years ago
|
||
When calculating the string length, the wrong string is used.
Attachment #9011285 -
Flags: review?(jorgk)
Comment 5•6 years ago
|
||
Comment on attachment 9011285 [details] [diff] [review] Fix 'truncated password' when using AUTH PLAIN (SMTP) Thank you, Alfred! I am very frustrated by this. Support for unicode passwords was in introduced in bug 312593 which landed exactly to the day *one* year ago. That code was reviewed by three people and no one saw the mistake: https://hg.mozilla.org/comm-central/rev/23725f858c42#l17.61 The new unicode capability, which in fact never worked as we see here (and in bug 1493542), was advertised in the TB 57 release notes (https://www.thunderbird.net/en-US/thunderbird/57.0beta/releasenotes/). I couldn't test it since none of my mail providers accept non-ASCII passwords, so I hoped one of the complainers in bug 312593 would have tried it :-( Then the code was touched again recently, and again, the mistake went unnoticed: https://hg.mozilla.org/comm-central/rev/1519c2b5f8c4#l1.86 https://hg.mozilla.org/comm-central/rev/092c52d61cba#l1.17
Attachment #9011285 -
Flags: review?(jorgk) → review+
Updated•6 years ago
|
Assignee: nobody → infofrommozilla
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 6•6 years ago
|
||
Comment on attachment 9011285 [details] [diff] [review] Fix 'truncated password' when using AUTH PLAIN (SMTP) Since we advertise working UTF-8 passwords in TB 60, they'd better be working.
Attachment #9011285 -
Flags: approval-comm-esr60+
Attachment #9011285 -
Flags: approval-comm-beta+
Pushed by mozilla@jorgk.com: https://hg.mozilla.org/comm-central/rev/afd14a54871a Fix 'truncated password' when using AUTH PLAIN (SMTP). r=jorgk
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Target Milestone: --- → Thunderbird 64.0
Comment 8•6 years ago
|
||
TB 60.1/60.2: https://hg.mozilla.org/releases/comm-esr60/rev/0e7a9aa6ed558e7886a567366ef9c6318a02ee0d
status-thunderbird63:
--- → affected
status-thunderbird64:
--- → fixed
status-thunderbird_esr60:
--- → fixed
tracking-thunderbird_esr60:
--- → 62+
Comment 9•6 years ago
|
||
Beta (TB 63): https://hg.mozilla.org/releases/comm-beta/rev/ef98e6064d34eb54be063993b5345cde57aeadbc
You need to log in
before you can comment on or make changes to this bug.
Description
•