Closed Bug 34996 Opened 24 years ago Closed 24 years ago

Special characters "@", "%" signs in the user name causing crash/random problems

Categories

(MailNews Core :: Networking, defect, P2)

Product:
MailNews Core
Component:
Networking
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: cristiana, Assigned: sspitzer)

References

Details

(Keywords: crash, Whiteboard: [nsbeta3+][nsbeta2-][PDTP2])

Attachments

(2 files)

fix for pop - escape the username before sending it to SetSpec
1.19 KB, patch
Details | Diff | Splinter Review
take two - this time handle all the pop3 servers
2.62 KB, patch
Details | Diff | Splinter Review 
my mail server name is mail.drumbeatdigital.com and my login name is
cristianay@drumbeatdigital.com.  When i try to get mail the dialog box says
retrieving mail for cristianay@mail.drumbeatdigital.com, and i type my password
(which i confirmed as being correct in another mail program; kmail) another
dialog box pops up and says incorrect password, and i try the password again,
and the dialog box pops up again, ad infinitum.  Incidently this also happens
with netscape 4.72.
If this happens with 4.x, then it may not be a Mozilla only problem.

Are you using IMAP or POP? 
Are you giving the login ID as "christianay@drumbeatdigital.com" or as
"christianay"?  Can you try to see if the latter version works?
cristiana - can you try what zach suggested?
Thanks.

Leave unconfirmed until we get more information.
Summary: cant login to mail server → can't login to mail server
From cristiana via email:

I cant login as cristianay because my username is 
'cristianay@drumbeatdigital.com' that is the problem.  (but i already
did try to 
login as cristiany and that didnt work either, i even tried to login as 
cristianay%40drumbeatdigital.com, but that didnt work either).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Alecf, can the account manager handle '@' signs in the user name? If yes, then
bounce back to me as it must be a problem down at the protocol layer where the
'@' isn't being escaped before we try to parse the user name from the uri.
Assignee: mscott → alecf
Summary: can't login to mail server → @ signs in the user name causing problems in login.
Keywords: nsbeta2
Target M17.
Target Milestone: --- → M17
Per Phil -- We need to set our policy on how to handle this.  There may be a 
migration issue depending on how we decided.  Also, consider the 4.x allow @ 
sign in user name pref.
Whiteboard: [nsbeta2+]
ok, I checked this out. Everything is happening correctly - all @'s and \'s are 
appearing correctly in the prefs, URIs are being escaped correctly, and even 
FindServer is being called with the correct username.

So I'm guessing that the protocol is trying to do it's own parsing when it 
actually goes to login.
Status: NEW → ASSIGNED
I got it!
The problem was that when we created the pop3 url, we weren't escaping the 
username, which confused the heck out of the url parser, leaving m_pop3server as 
null...
I'm testing my patch now.

I just checked IMAP, it's ok...I can't for the life of me figure out where news 
creates it's URLs :)
ok, after going over nsPop3Service a bit more, I found 2 other places where 
we're poorly creating the URL.. now I'm testing this one.
fix is IN.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
*** Bug 41661 has been marked as a duplicate of this bug. ***
Copy Alec's comments from bug 41661 -- This should have fixed all 'special' 
characters, including ":", "@", "%", and I think even "\".
I'll take this one for verify.
QA Contact: lchiang → huang
Summary: @ signs in the user name causing problems in login. → Special characters ":", "@", "%","\" signs in the user name causing problems in login
Lisa, do we have test accounts with ":", "@", "%","\" user names in house 
available for verifying this bug.
If not, cristiana, tim and gemal, do you all have test accounts available for 
external peoples to access (please send email with server name, userid & 
passwords to me if you have)...otherwise, I may need you all help for verifying 
this bug....thanks.
Since we don't have such userids in house for testing..
I am just changing the summary back to "@", "%" (at least we have two peoples 
cristiana & tim can help for verifying "@" & "%" for this bugs)
I will appreciate if cristiana can help for verifying on the userid with "@" and 
tim can verify on the userid with "%". -- Thanks. 
Putting "Need help for verify" on the status whiteboard....
Summary: Special characters ":", "@", "%","\" signs in the user name causing problems in login → Special characters "@", "%" signs in the user name causing problems in login
Whiteboard: [nsbeta2+] → [nsbeta2+] Need help for verify
Build ID 2000060820 still the problem with tim%richardson.net@mr.mailbank.com

Anyone can test using that address; the crash occurs before the request for the 
POP password. 
Why is my build ID the same as last Friday? I downloaded again just now (Tuesday 
June 13 Singapore time.).
Thanks for the updates.

> Anyone can test using that address
 
Can you email the password of this test account to me? (huang@netscape.com)
Is this account created for only POP?
Maybe the build id has not been updated yet....
that's tim's personal account, and as he says, you don't need the password to 
see the crash.

reopening this bug, I'll deal with it.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
< you don't need the password to see the crash.
Yes. I got crash too on WinNT platform.
Didn't get the talkback report but just attach the drwtsn32.log as following:
I already sent email/log to Alec since there was Bugzilla error when I was 
trying to attach log here....
Now I dont get a crash. I'm getting a dialog asking for password for:
"nina@hilsted.dk@pop3.mail.dk"
When I enter the password and press OK, I'm getting "Error in sending password 
to the server"

Why I got an Alert "Please enter a valid email address" when I was tring to 
create this new profile by using "nina@hilsted.dk@pop3.mail.dk"?
Use the following when creating the POP3 account:
Mailserver: pop3.mail.dk
Username: hilsted@mail.dk

karen - the e-mail address is different from the pop3 login name.
so the e-mail address might be something like foo@bar.com, but the pop3 login
name might ALSO be foo@bar.com. foo@bar.com@bar.com is not a valid e-mail
address.
Status: REOPENED → ASSIGNED
Thanks. Alec. I think I know what you mean now.

Copy original comments of Phil Peterson 1999-10-13 10:05 on bug 12390:

John Friend:
> At thought just occurred to me.  Maybe this "mail.allow_at_sign_in_user_name"
> setting could be autodetected.  The really awesome way to solve this problem
> would be to just try the exact string the user enters as the user name.  If
> it works use it.  If it doesn't work (e.g. auth fails), then strip off the @
> stuff and try again.  If it works that time, make some note in prefs that
> next time you should do the stripping.  If the user ever changes their user
> name, then clear the bit that says you should do the stripping so you try the
> full name again.  The only downside I can see is that if a user enters the @
> sign, we have one failed auth try before realizing that they shouldn't have
> put the @ sign in.
>
> This would let both old users who have gotten used to our tolerance of this
> work and new users who need the @ sign in their user name without any support
> calls or custom prefs.

I saw the password dialog displayed, but because of the password, the rest of 
test....I think that Henrik already described.

Sounded like this account already created successfully but with the password 
problem, do you think this is same bug or another bug?
Comments from Christina via email.  (Christina, you can click on the bug link 
and edit the bug yourself without having to send me email. This way, your 
response will be in the bug report in a timely manner :-)

I tried the latest build from mozillazine.org today (june 14th) and here
are the results:
pop3 on linux crashes the browser with no core or message.  
imap on linux gives this message on the console: In OnFolderLoaded for
imap://cristianay%40drumbeatdigital.com@mail.drumbeatdigital.com/INBOX 
and has no activity i nthe browser
pop3 on win32 pops up a login failed dialog box and then asks for a
password
imap on win32 does the same as pop3
*** Bug 43105 has been marked as a duplicate of this bug. ***
ok, I've now got a little server installed locally with accounts that contain 
extra @, %, /, and \. Hopefully that should cover it. trying each one now.
Whiteboard: [nsbeta2+] Need help for verify → [nsbeta2+]
ok, so problem numero uno: On usernames with percent in them, we're trying to 
unescape the username in the URL when we call GetServer(), and so "abc%efg" 
becomes "abc" - then we call the evil FindServer call with "abc" as the 
username. Doh!
I'm going to see if it's necessary to unescape the username. 

the real fix here is to simply set the incoming server in the URL in some 
out-of-band manner.
*** Bug 43856 has been marked as a duplicate of this bug. ***
If this isn't fixed by 7/13 we are going to cut from nsbeta2.
Whiteboard: [nsbeta2+] → [nsbeta2+][7/13]
Whiteboard: [nsbeta2+][7/13] → [nsbeta2+][7/13] ETA 7/13
marking nsbeta2- as decided by mail triage.
Whiteboard: [nsbeta2+][7/13] ETA 7/13 → [nsbeta2-]
nsbeta3 nomination.  I'm tempted to say this is polish because I don't expect it 
to be hit a lot, but I don't know that for sure.  Assuming it's correctness, 
please update if you know otherwise.
Keywords: correctness, nsbeta3
Not hit a lot?  We've got over one million affected or potentially affected
customers here.  Fortunately Netscape 4.5 and higher have a workaround for this;
the mail.allow_at_sign_in_user_name pref.  Due to the _scale_ of the problem
here, we've had to ship an additional program which makes the necessary changes
to the prefs.js file to get this to work in 4.x.  So far we haven't had too many
people actually using the milestone builds, but a lot of them did try out
preview release 1.

Anyway, this is going to affect quite a few people, not only here (I work for an
ISP, if you couldn't tell) but elsewhere... requiring an @ or a % in the email
username is quite common for ISPs that host multiple domains.

possible item for b2 release note
Keywords: relnote2
Adding mail2 nomination keyword for triage effort.
Keywords: mail2
+ per mail triage
Whiteboard: [nsbeta2-] → [nsbeta3+][nsbeta2-]
Target Milestone: M17 → M18
*** Bug 47757 has been marked as a duplicate of this bug. ***
OK, I've reproduced the crash on WinNT 4.0 (2000080420) and Linux (2000080421)
and I've got talkback ID's for each incident:
WinNT: TB15330567X
Linux: TB15329222H

These crashes occurred when clicking 'Get Msg' when trying to download POP3 mail
from an account that contains a % symbol in its username. No password dialog is
shown. Linux was using modern skin and Windows using classic skin.
OS: Linux → All
updating summary, adding crash keyword
Keywords: crash
Summary: Special characters "@", "%" signs in the user name causing problems in login → Special characters "@", "%" signs in the user name causing crash/random problems
Priority: P3 → P2
*** Bug 49207 has been marked as a duplicate of this bug. ***
Sorry for submitting a duplicate to this bug - I tried to search for "mail 
crash" and didn't find it. Anyway, just wanted to confirm that name%domain is a 
very common username for anyone who would use virtual domain hosting at an ISP 
(mine uses qmail as their mail server). Also, this used to work in M15, but was 
broken in M16 - I hope this might help.
it doesn't crash any more with nyghtly build 2000082020/mac, but it doesn't ask
for the password anymore, too...
*** Bug 51364 has been marked as a duplicate of this bug. ***
PDT agreed this is a P2 level bug
Whiteboard: [nsbeta3+][nsbeta2-] → [nsbeta3+][nsbeta2-][PDTP2]
taking from alecf.
Assignee: alecf → sspitzer
Status: ASSIGNED → NEW
accepting.
Status: NEW → ASSIGNED
*** Bug 51364 has been marked as a duplicate of this bug. ***
Severity: normal → major
*** Bug 51699 has been marked as a duplicate of this bug. ***
adding laurel to the cc list.
I added two new users on poisonivy.mcom.com (a Netscape 3.5 server) for this
bug.

User #1:  
   Willy Wacko
   userid: ww@cko
   email address:  wwacko@poisonivy.mcom.com

User #2:
   P. Cent
   userid:  p%cent
   email address:  p%cent@poisonivy.mcom.com
ok, I have a potential fix for this problem.

basically, here's the issue:

on the nsMsgMailNewsUrl we set the username, and later we get the username.
nsMsgMailNewsUrl inherits from nsStdUrl. in nsStdUrl.cpp, GetUsername() always
unescapes the username, where SetUsername() is just a strdup.

the key to fixing this bug is to make sure we escape the username before calling
SetUsername() on the nsMsgMailNewsUrl, and *not* to unescape after calling
GetUsername()

my fix seems to work fine for foo%bar usernames, I'm off to see how it works for
foo@bar usernames.

before I check this fix in, I'll test it heavily and get it carefully reviewed.
Whiteboard: [nsbeta3+][nsbeta2-][PDTP2] → [nsbeta3+][nsbeta2-][PDTP2] working on this 9-8-00
fixed.

something to remember when testing on usernames with "@" (like ww@cko) is that
you set the "mail.allow_at_sign_in_user_name" pref to true in your prefs.js file.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
By using today's 09-14-08-M18 commercial builds
There is no crash when trying to login by using hilsted@mail.dk mail account.
I got an Alert "connection refused to the server" when login to 
tim%richardson.net mail account.
Can anybody help for verifying mail account with the "%" character?
Adding need help for verify on the status whiteboard.
Whiteboard: [nsbeta3+][nsbeta2-][PDTP2] working on this 9-8-00 → [nsbeta3+][nsbeta2-][PDTP2] need help for verify
Karen, please use the verifyme keyword.
Keywords: verifyme
Whiteboard: [nsbeta3+][nsbeta2-][PDTP2] need help for verify → [nsbeta3+][nsbeta2-][PDTP2]
Thanks Laurel for the info.
By using those two users' POP accounts from poisonivy.mcom.com server
I am able to login to those two accounts from 6.0 new profiles.
I can also send and read mail messages from those two accounts.
Thanks Seth for fixing this problem and Laurel for setting users on the server.
Verified on WinNT 09-15-08-M18 commercial build
Verified on Linux 09-15-08-M18 commercial build
Verified on Mac 09-15-08-M18 commercial build
Marking as verified!!
Status: RESOLVED → VERIFIED
Need to have it reopened (and I haven't the "power" to do that), please someone
do this for me.

I created a test account where you can see that it isn't working with Build
2000101014 on Win98

User name: mozilla@iseli.org
POP3 server: mail.iseli.org
password: test

David Krause told me on IRC that I have to add
user_pref("mail.allow_at_sign_in_user_name", true); in my prefs.js (in user
directory). A non-hacker user should not do any editing of files. This should be
set by default or even prompted when setting up the account.

I confirm that this fixed the problem. For me, the bug is not fixed yet,
however. To be fixed, the above mentioned line should be automatically added in
the prefs.js.

Verah, to help people like ricky we need to relnote this.

Seth, is there any risk in changing the default to true? If there is, could you 
file a bug, pick an assignee, and explain the risk. If not, could we possibly 
change the default to true?

relnote: &branding; mailnews prefers not to accept account names containing 
&oddcharacters; if your account includes one of those characters please edit 
prefs.js (link explaining how to find and edit it) to include this string:
user_pref("mail.allow_at_sign_in_user_name", true);
Keywords: relnote, relnoteRTM
I should mention that bug 53970 already logged for above problem and there was 
relnote3 on that bug keywords. Seth should look at that bug....
Blocks: 53970
Thanks Karen, removing all relnote keywords; for the Release Notes please use 
bug 53970 (now marked as blocked by this fixed bug).  [reason for the 
blocking relationship] If we did not have this feature we could not possibly 
need to change the default preference.
Keywords: relnote, relnote2, relnoteRTM, verifyme
*** Bug 56504 has been marked as a duplicate of this bug. ***
Verified again on IMAP for WinNT 10-06-09-MN6 build.
Yes!! Seth's fix on IMAP as well for @ user name account.
Adding this comments is for bug 53970 reference.

Another bad bug related to this:
http://bugzilla.mozilla.org/show_bug.cgi?id=59231
impossible to have \ in mail passwords...:(

Removing myself from list of cc's.
*** Bug 72450 has been marked as a duplicate of this bug. ***
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: