smtp AUTH PLAIN incomplete utf8 Password

RESOLVED FIXED in Thunderbird 64.0


6 months ago
6 months ago


(Reporter: yseckin, Assigned: infofrommozilla)


Thunderbird 64.0

Thunderbird Tracking Flags

(thunderbird_esr6062+ fixed, thunderbird63 fixed, thunderbird64 fixed)



(3 attachments, 1 obsolete attachment)



6 months ago
Posted file TB60smtp_auth_plain_bug.tar (obsolete) —
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Build ID: 20180912143528

Steps to reproduce:

tried to authenticte with the password "1ä2a%00" the last "0" of the password will not transmit.
TLS/STARTTLS not active. The Fallback to AUTH LOGIN works. See the Wireshark sniff.

Actual results:

AUTH PLAIN will not work.

Expected results:

positive authentication

Comment 1

6 months ago

Comment 2

6 months ago
Attachment #9009538 - Attachment is obsolete: true


6 months ago
Component: Untriaged → Security
Perhaps related: bug 1474314.
Component: Security → Networking: SMTP
Product: Thunderbird → MailNews Core

Comment 4

6 months ago
When calculating the string length, the wrong string is used.
Attachment #9011285 - Flags: review?(jorgk)

Comment 5

6 months ago
Comment on attachment 9011285 [details] [diff] [review]
Fix 'truncated password' when using AUTH PLAIN (SMTP)

Thank you, Alfred!

I am very frustrated by this. Support for unicode passwords was in introduced in bug 312593 which landed exactly to the day *one* year ago. That code was reviewed by three people and no one saw the mistake:

The new unicode capability, which in fact never worked as we see here (and in bug 1493542), was advertised in the TB 57 release notes ( I couldn't test it since none of my mail providers accept non-ASCII passwords, so I hoped one of the complainers in bug 312593 would have tried it :-(

Then the code was touched again recently, and again, the mistake went unnoticed:
Attachment #9011285 - Flags: review?(jorgk) → review+


6 months ago
Assignee: nobody → infofrommozilla
Ever confirmed: true

Comment 6

6 months ago
Comment on attachment 9011285 [details] [diff] [review]
Fix 'truncated password' when using AUTH PLAIN (SMTP)

Since we advertise working UTF-8 passwords in TB 60, they'd better be working.
Attachment #9011285 - Flags: approval-comm-esr60+
Attachment #9011285 - Flags: approval-comm-beta+

Comment 7

6 months ago
Pushed by
Fix 'truncated password' when using AUTH PLAIN (SMTP). r=jorgk
Last Resolved: 6 months ago
Resolution: --- → FIXED


6 months ago
Target Milestone: --- → Thunderbird 64.0

Comment 8

6 months ago
TB 60.1/60.2:
status-thunderbird63: --- → affected
status-thunderbird64: --- → fixed
status-thunderbird_esr60: --- → fixed
tracking-thunderbird_esr60: --- → 62+
You need to log in before you can comment on or make changes to this bug.