The default bug view has changed. See this FAQ.

APOP information is reset after stepping up a TLS connection

RESOLVED FIXED

Status

MailNews Core
Networking: POP
RESOLVED FIXED
11 years ago
8 years ago

People

(Reporter: Scott MacGregor, Assigned: Scott MacGregor)

Tracking

({fixed1.8.0.7, fixed1.8.1})

Trunk
x86
Windows XP
fixed1.8.0.7, fixed1.8.1
Bug Flags:
blocking-thunderbird2 +
blocking1.8.0.7 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

11 years ago
This came from Kazu Yamamoto:

Outline: Thunderbird cannot use APOP if TLS is used.

Reason: Thunderbird resets APOP information after a TLS connection is
        created. Yes, information provided by the CAPA command must be
        reset. And new information must be obtained with the second
        CAPA command. However, APOP information is provided by
        greeting and it MUST NOT be reset.

Fix: See the following code. Since Thunderbird is too larget, I have not
     compiled it. (I'm not a C++ programmer, so the syntax may be awkward
     but I hope you can understand my intention.)

mailnews/local/src/nsPop3Protocol.c: 

+     boolean has_apop = TestCapFlag(POP3_HAS_AUTH_APOP);
      m_pop3ConData->capability_flags =     // resetting the flags
        POP3_AUTH_MECH_UNDEFINED |
        POP3_HAS_AUTH_USER |                // should be always there
        POP3_GURL_UNDEFINED |
        POP3_UIDL_UNDEFINED |
        POP3_TOP_UNDEFINED |
        POP3_XTND_XLST_UNDEFINED;
+    if (has_apop) SetCapFlag(POP3_HAS_AUTH_APOP);
(Assignee)

Updated

11 years ago
Status: NEW → ASSIGNED
Flags: blocking-thunderbird2+
(Assignee)

Comment 1

11 years ago
Created attachment 235134 [details] [diff] [review]
possible fix

I don't have a POP3 / APOP server I can test this against, but it should do the trick.

I could also have written the patch as:

      m_pop3ConData->capability_flags =     // resetting the flags
        POP3_AUTH_MECH_UNDEFINED |
        POP3_HAS_AUTH_USER |                // should be always there
        POP3_GURL_UNDEFINED |
        POP3_UIDL_UNDEFINED |
        POP3_TOP_UNDEFINED |
        POP3_XTND_XLST_UNDEFINED | 
        (TestCapFlag(POP3_HAS_AUTH_APOP) ? POP3_HAS_AUTH_APOP : 0); // preserve the APOP flag with the new connection

I'm not sure which way is the easier on the eyes.

Comment 2

11 years ago
how about this?

PRUint32 preservedFlags = m_pop3ConData->capability_flags & POP3_HAS_AUTH_APOP;

and then the rest of your patch. That makes it easier to add flags that need preserving, if any.
(Assignee)

Comment 3

11 years ago
Created attachment 235139 [details] [diff] [review]
improved fix per bienvenu

great idea David.
Attachment #235134 - Attachment is obsolete: true
(Assignee)

Updated

11 years ago
Attachment #235139 - Flags: superreview?(bienvenu)

Updated

11 years ago
Attachment #235139 - Flags: superreview?(bienvenu) → superreview+
(Assignee)

Comment 4

11 years ago
fixed branch and trunk.
Keywords: fixed1.8.1
I've tested the latest-mozilla1.8 en-US Mac build and confirmed the bug fix.
APOP + TLS works for me. No error message is shown now.

Can you also check-in the patch to the 1.8.0 branch if it has no risk?
We would appreciate if you can fix this bug for the upcoming Thunderbird 1.5.0.7.

Thank you very much for your work!

Comment 6

11 years ago
sorry, I think it's too late for 1.5.0.7 but we can try to get it into 1.5.0.8
Flags: blocking1.8.0.8?

Updated

11 years ago
Attachment #235139 - Flags: approval1.8.0.8?

Updated

11 years ago
Attachment #235139 - Flags: approval1.8.0.7?
Comment on attachment 235139 [details] [diff] [review]
improved fix per bienvenu

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #235139 - Flags: approval1.8.0.8?
Attachment #235139 - Flags: approval1.8.0.7?
Attachment #235139 - Flags: approval1.8.0.7+
Flags: blocking1.8.0.8? → blocking1.8.0.7+

Comment 8

11 years ago
fixed for 1.5.0.7 as well. 
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Keywords: fixed1.8.0.7
Resolution: --- → FIXED
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.