Bug 1493542 - Fix for incorrect UTF-8 passwords at POP3 AUTH. r+a=jorgk
authorAlfred Peters <infofrommozilla@gmail.com>
Sun, 23 Sep 2018 12:42:00 +0200
changeset 31825 03c944b00394
parent 31824 0e7a9aa6ed55
child 31826 b63dc822b694
push id77
push usermozilla@jorgk.com
push dateSun, 23 Sep 2018 22:45:08 +0000
treeherdercomm-esr60@b63dc822b694 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1493542
Bug 1493542 - Fix for incorrect UTF-8 passwords at POP3 AUTH. r+a=jorgk
mailnews/local/src/nsPop3Protocol.cpp
--- a/mailnews/local/src/nsPop3Protocol.cpp
+++ b/mailnews/local/src/nsPop3Protocol.cpp
@@ -2202,32 +2202,32 @@ int32_t nsPop3Protocol::SendPassword()
   {
     m_pop3ConData->next_state = POP3_ERROR_DONE;
     return Error("pop3PasswordUndefined");
   }
   // </copied>
 
   nsAutoCString cmd;
   nsresult rv;
+  NS_ConvertUTF16toUTF8 passwordUTF8(m_passwordResult);
 
   if (m_currentAuthMethod == POP3_HAS_AUTH_NTLM)
     rv = DoNtlmStep2(m_commandResponse, cmd);
   else if (m_currentAuthMethod == POP3_HAS_AUTH_CRAM_MD5)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("CRAM login")));
     char buffer[512]; // TODO nsAutoCString
     unsigned char digest[DIGEST_LENGTH];
 
     char *decodedChallenge = PL_Base64Decode(m_commandResponse.get(),
     m_commandResponse.Length(), nullptr);
 
     if (decodedChallenge)
       rv = MSGCramMD5(decodedChallenge, strlen(decodedChallenge),
-                      NS_ConvertUTF16toUTF8(m_passwordResult).get(),
-                      m_passwordResult.Length(), digest);
+                      passwordUTF8.get(), passwordUTF8.Length(), digest);
     else
       rv = NS_ERROR_NULL_POINTER;
 
     if (NS_SUCCEEDED(rv))
     {
       nsAutoCString encodedDigest;
       char hexVal[8];
 
@@ -2249,18 +2249,17 @@ int32_t nsPop3Protocol::SendPassword()
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_APOP)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("APOP login")));
     char buffer[512];
     unsigned char digest[DIGEST_LENGTH];
 
     rv = MSGApopMD5(m_ApopTimestamp.get(), m_ApopTimestamp.Length(),
-                    NS_ConvertUTF16toUTF8(m_passwordResult).get(),  // Or ASCII?
-                    m_passwordResult.Length(), digest);
+                    passwordUTF8.get(), passwordUTF8.Length(), digest);
 
     if (NS_SUCCEEDED(rv))
     {
       nsAutoCString encodedDigest;
       char hexVal[8];
 
       for (uint32_t j=0; j<16; j++)
       {
@@ -2296,38 +2295,36 @@ int32_t nsPop3Protocol::SendPassword()
     }
 
     char plain_string[512]; // TODO nsCString
     int len = 1; /* first <NUL> char */
     memset(plain_string, 0, 512);
     PR_snprintf(&plain_string[1], 510, "%s", m_username.get());
     len += m_username.Length();
     len++; /* second <NUL> char */
-    NS_ConvertUTF16toUTF8 uniPassword(m_passwordResult);
-    PR_snprintf(&plain_string[len], 511-len, "%s", uniPassword.get());
-    len += uniPassword.Length();
+    PR_snprintf(&plain_string[len], 511-len, "%s", passwordUTF8.get());
+    len += passwordUTF8.Length();
 
     char *base64Str = PL_Base64Encode(plain_string, len, nullptr);
     cmd = base64Str;
     PR_Free(base64Str);
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_LOGIN)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("LOGIN password")));
-    NS_LossyConvertUTF16toASCII asciiPassword(m_passwordResult);
-    char * base64Str = PL_Base64Encode(asciiPassword.get(),
-                                       asciiPassword.Length(), nullptr);
+    char *base64Str = PL_Base64Encode(passwordUTF8.get(),
+                                      passwordUTF8.Length(), nullptr);
     cmd = base64Str;
     PR_Free(base64Str);
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_USER)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("PASS password")));
     cmd = "PASS ";
-    cmd += NS_LossyConvertUTF16toASCII(m_passwordResult);
+    cmd += passwordUTF8.get();
   }
   else
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Error,
             (POP3LOG("In nsPop3Protocol::SendPassword(), m_currentAuthMethod is %X, "
                      "but that is unexpected"), m_currentAuthMethod));
     return Error("pop3AuthInternalError");
   }