Closed
Bug 556491
Opened 14 years ago
Closed 14 years ago
[autoconfig] guessConfig() only finds first AUTH method for SMTP
Categories
(Thunderbird :: Account Manager, defect)
Thunderbird
Account Manager
Tracking
(thunderbird3.1 beta2-fixed, thunderbird3.0 .5-fixed)
RESOLVED
FIXED
Thunderbird 3.1b2
Tracking | Status | |
---|---|---|
thunderbird3.1 | --- | beta2-fixed |
thunderbird3.0 | --- | .5-fixed |
People
(Reporter: BenB, Assigned: BenB)
Details
Attachments
(2 files)
970 bytes,
patch
|
bwinton
:
review+
standard8
:
approval-thunderbird3.0.5+
|
Details | Diff | Splinter Review |
911 bytes,
patch
|
Details | Diff | Splinter Review |
Reproduction: 1. Start account creation wizard 2. Enter "foo@fastwebnet.it" as email address, and [Continue] 3. Click on [Manual Setup] 4. in Account Manager, to to Outgoing SMTP servers and check the new server. Check which SMTP server and specifically which password authentication is used. Actual result: Unencrypted password is used Expected result: Encrypted password is used Server: netcat smtp.fastwebnet.it 25, and entering "EHLO foo" gives: ... 250-AUTH=LOGIN 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN ... Implementation: From the code, I think that the first AUTH= line is irrelevant. We used regexp e.g. "AUTH CRAM-MD5" so we wouldn't match the first line anyways (to my knowledge "AUTH " is correct, and IMAP used "AUTH="). However, we wouldn't match the second line either, because it starts with "AUTH LOGIN". IMAP repeats the "AUTH" and uses "AUTH=LOGIN AUTH=CRAM-MD5", but not so SMTP. So, we need to relax the regexp.
Assignee | ||
Comment 1•14 years ago
|
||
This fixes the problem. From what I understand, this problem existed in 3.0, too. Please give this bug precedence in review, as it's needlessly using an insecure setup.
Comment 2•14 years ago
|
||
Comment on attachment 436451 [details] [diff] [review] Fix, v1 Yeah, it could be better, but that's a followup bug. r=me.
Attachment #436451 -
Flags: review?(bwinton) → review+
Assignee | ||
Comment 3•14 years ago
|
||
Commited as <http://hg.mozilla.org/comm-central/rev/0d37fec98367>. FIXED I will file a followup bug for making the regexps match more precisely (less wildly), or feel free to file it.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 4•14 years ago
|
||
Followup bug filed as Bug 556531.
Assignee | ||
Updated•14 years ago
|
blocking-thunderbird3.0: --- → ?
Updated•14 years ago
|
status-thunderbird3.1:
--- → beta2-fixed
Target Milestone: --- → Thunderbird 3.1b2
Updated•14 years ago
|
Attachment #436451 -
Flags: approval-thunderbird3.0.5+
Comment 5•14 years ago
|
||
Comment on attachment 436451 [details] [diff] [review] Fix, v1 This looks like a good fix to get into 3.0.5. a=Standard8.
Assignee | ||
Comment 6•14 years ago
|
||
The code changed in 3.1, so this is the corresponding 3.0 version of the patch.
Assignee | ||
Comment 7•14 years ago
|
||
Commited to 3.0 <http://hg.mozilla.org/releases/comm-1.9.1/rev/d923bd468843>
status-thunderbird3.0:
--- → .5-fixed
Updated•14 years ago
|
blocking-thunderbird3.0: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•