Bug 1500772 - Revert POP3 USER/PASS and SMTP LOGIN auth back to ASCII/Latin1. r=AlfredPeters
authorJorg K <jorgk@jorgk.com>
Mon, 05 Nov 2018 17:53:31 +0100
changeset 33658 7fcefde4be7f06455cd859fff3180c767cd8d1d2
parent 33657 99087a5cc9378a68bdf4207289081b5bf5f70f5d
child 33659 9f8543c1794e18fd07cac56dd5cc3aa99a89494e
push id388
push userclokep@gmail.com
push dateMon, 28 Jan 2019 20:54:56 +0000
reviewersAlfredPeters
bugs1500772
Bug 1500772 - Revert POP3 USER/PASS and SMTP LOGIN auth back to ASCII/Latin1. r=AlfredPeters
mailnews/compose/src/nsSmtpProtocol.cpp
mailnews/local/src/nsPop3Protocol.cpp
mailnews/mailnews.js
--- a/mailnews/compose/src/nsSmtpProtocol.cpp
+++ b/mailnews/compose/src/nsSmtpProtocol.cpp
@@ -38,16 +38,17 @@
 #include "nsMsgCompUtils.h"
 #include "nsIMsgWindow.h"
 #include "MailNewsTypes2.h" // for nsMsgSocketType and nsMsgAuthMethod
 #include "nsIIDNService.h"
 #include "nsICancelable.h"
 #include "mozilla/mailnews/MimeHeaderParser.h"
 #include "mozilla/Services.h"
 #include "mozilla/Attributes.h"
+#include "mozilla/Preferences.h"
 #include "nsINetAddr.h"
 #include "nsIProxyInfo.h"
 
 #ifndef XP_UNIX
 #include <stdarg.h>
 #endif /* !XP_UNIX */
 
 #undef PostMessage // avoid to collision with WinUser.h
@@ -1559,17 +1560,17 @@ nsresult nsSmtpProtocol::AuthLoginStep2(
   nsAutoString password;
 
   GetPassword(password);
   if (password.IsEmpty())
   {
     m_urlErrorState = NS_ERROR_SMTP_PASSWORD_UNDEFINED;
     return NS_ERROR_SMTP_PASSWORD_UNDEFINED;
   }
-  NS_ConvertUTF16toUTF8 passwordUTF8(password);
+  nsAutoCString passwordUTF8 = NS_ConvertUTF16toUTF8(password);
   MOZ_LOG(SMTPLogModule, mozilla::LogLevel::Debug, ("SMTP AuthLoginStep2"));
 
   if (!passwordUTF8.IsEmpty())
   {
     // We use 515 characters here so we can transmit a 512 byte response followed by CRLF.
     // User name and encoded digest, currently 255 + 1 + 2*16 bytes, will need
     // 4 * (255 + 1 + 32) / 3 = 384 bytes when base64 encoded.
     char buffer[515];
@@ -1620,20 +1621,33 @@ nsresult nsSmtpProtocol::AuthLoginStep2(
     else if (m_currentAuthMethod == SMTP_AUTH_NTLM_ENABLED ||
              m_currentAuthMethod == SMTP_AUTH_MSN_ENABLED)
     {
       MOZ_LOG(SMTPLogModule, mozilla::LogLevel::Debug, ("NTLM/MSN auth, step 2"));
       nsAutoCString response;
       rv = DoNtlmStep2(m_responseText, response);
       PR_snprintf(buffer, sizeof(buffer), "%.512s" CRLF, response.get());
     }
-    else if (m_currentAuthMethod == SMTP_AUTH_PLAIN_ENABLED ||
-             m_currentAuthMethod == SMTP_AUTH_LOGIN_ENABLED)
+    else if (m_currentAuthMethod == SMTP_AUTH_PLAIN_ENABLED)
     {
-      MOZ_LOG(SMTPLogModule, mozilla::LogLevel::Debug, ("PLAIN/LOGIN auth, step 2"));
+      MOZ_LOG(SMTPLogModule, mozilla::LogLevel::Debug, ("PLAIN auth, step 2"));
+      if (passwordUTF8.Length() > 255)
+        passwordUTF8.Truncate(255);
+      char *base64Str = PL_Base64Encode(passwordUTF8.get(), passwordUTF8.Length(), nullptr);
+      // Base64 encoding of 255 bytes gives 340 bytes.
+      PR_snprintf(buffer, sizeof(buffer), "%s" CRLF, base64Str);
+      free(base64Str);
+    }
+    else if (m_currentAuthMethod == SMTP_AUTH_LOGIN_ENABLED)
+    {
+      MOZ_LOG(SMTPLogModule, mozilla::LogLevel::Debug, ("LOGIN auth, step 2"));
+      bool useLatin1 =
+        mozilla::Preferences::GetBool("mail.smtp_login_pop3_user_pass_auth_is_latin1", true);
+      if (useLatin1)
+        passwordUTF8 = NS_LossyConvertUTF16toASCII(password);  // Don't use UTF-8 after all.
       if (passwordUTF8.Length() > 255)
         passwordUTF8.Truncate(255);
       char *base64Str = PL_Base64Encode(passwordUTF8.get(), passwordUTF8.Length(), nullptr);
       // Base64 encoding of 255 bytes gives 340 bytes.
       PR_snprintf(buffer, sizeof(buffer), "%s" CRLF, base64Str);
       free(base64Str);
     }
     else
--- a/mailnews/local/src/nsPop3Protocol.cpp
+++ b/mailnews/local/src/nsPop3Protocol.cpp
@@ -42,16 +42,17 @@
 #include "nsICancelable.h"
 #include "nsMsgMessageFlags.h"
 #include "nsMsgBaseCID.h"
 #include "nsIProxyInfo.h"
 #include "nsCRT.h"
 #include "mozilla/Services.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Attributes.h"
+#include "mozilla/Preferences.h"
 
 using namespace mozilla;
 
 LazyLogModule POP3LOGMODULE("POP3");
 #define POP3LOG(str) "[this=%p] " str, this
 
 static int
 net_pop3_remove_messages_marked_delete(PLHashEntry* he,
@@ -2315,17 +2316,22 @@ int32_t nsPop3Protocol::SendPassword()
     char *base64Str = PL_Base64Encode(passwordUTF8.get(),
                                       passwordUTF8.Length(), nullptr);
     cmd.Adopt(base64Str);
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_USER)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("PASS password")));
     cmd = "PASS ";
-    cmd += passwordUTF8;
+    bool useLatin1 =
+      mozilla::Preferences::GetBool("mail.smtp_login_pop3_user_pass_auth_is_latin1", true);
+    if (useLatin1)
+      cmd += NS_LossyConvertUTF16toASCII(m_passwordResult);
+    else
+      cmd += passwordUTF8;
   }
   else
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Error,
             (POP3LOG("In nsPop3Protocol::SendPassword(), m_currentAuthMethod is %X, "
                      "but that is unexpected"), m_currentAuthMethod));
     return Error("pop3AuthInternalError");
   }
--- a/mailnews/mailnews.js
+++ b/mailnews/mailnews.js
@@ -600,16 +600,19 @@ pref("mail.smtp.useMatchingHostNameServe
 // if true, we'll use the email sender's address for the smtp
 // MAIL FROM, which might become the return-path. If false
 // we use the identity email address, which is the old behaviour
 pref("mail.smtp.useSenderForSmtpMailFrom", true);
 
 pref("mail.smtpserver.default.authMethod", 3); // cleartext password. @see nsIMsgIncomingServer.authMethod.
 pref("mail.smtpserver.default.try_ssl", 0); // @see nsISmtpServer.socketType
 
+// If true, SMTP LOGIN auth and POP3 USER/PASS auth, the last of the methods to try, will use Latin1.
+pref("mail.smtp_login_pop3_user_pass_auth_is_latin1", true);
+
 // For the next 3 prefs, see <http://www.bucksch.org/1/projects/mozilla/16507>
 pref("mail.display_glyph", true);   // TXT->HTML :-) etc. in viewer
 pref("mail.display_struct", true);  // TXT->HTML *bold* etc. in viewer; ditto
 pref("mail.send_struct", false);   // HTML->HTML *bold* etc. during Send; ditto
 // display time and date in message pane using senders timezone
 pref("mailnews.display.date_senders_timezone", false);
 // For the next 4 prefs, see <http://www.bucksch.org/1/projects/mozilla/108153>
 pref("mailnews.display.prefer_plaintext", false);  // Ignore HTML parts in multipart/alternative