Bug 1493542 - Fix for incorrect UTF-8 passwords at POP3 AUTH. r=jorgk
authorAlfred Peters <infofrommozilla@gmail.com>
Sun, 23 Sep 2018 12:42:00 +0200
changeset 33215 e55253fbb27b710e80d766e4d0cec7c43ffaac0b
parent 33214 afd14a54871a034558d33deb86ea36e4120ff6b2
child 33216 5ed1ac772746107a74dbcc579e8effbaacc62151
push id387
push userclokep@gmail.com
push dateMon, 10 Dec 2018 21:30:47 +0000
reviewersjorgk
bugs1493542
Bug 1493542 - Fix for incorrect UTF-8 passwords at POP3 AUTH. r=jorgk
mailnews/local/src/nsPop3Protocol.cpp
--- a/mailnews/local/src/nsPop3Protocol.cpp
+++ b/mailnews/local/src/nsPop3Protocol.cpp
@@ -2207,32 +2207,32 @@ int32_t nsPop3Protocol::SendPassword()
   {
     m_pop3ConData->next_state = POP3_ERROR_DONE;
     return Error("pop3PasswordUndefined");
   }
   // </copied>
 
   nsAutoCString cmd;
   nsresult rv;
+  NS_ConvertUTF16toUTF8 passwordUTF8(m_passwordResult);
 
   if (m_currentAuthMethod == POP3_HAS_AUTH_NTLM)
     rv = DoNtlmStep2(m_commandResponse, cmd);
   else if (m_currentAuthMethod == POP3_HAS_AUTH_CRAM_MD5)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("CRAM login")));
     char buffer[255 + 1 + 2 * DIGEST_LENGTH + 1];
     unsigned char digest[DIGEST_LENGTH];
 
     char *decodedChallenge = PL_Base64Decode(m_commandResponse.get(),
                                              m_commandResponse.Length(), nullptr);
 
     if (decodedChallenge)
       rv = MSGCramMD5(decodedChallenge, strlen(decodedChallenge),
-                      NS_ConvertUTF16toUTF8(m_passwordResult).get(),
-                      m_passwordResult.Length(), digest);
+                      passwordUTF8.get(), passwordUTF8.Length(), digest);
     else
       rv = NS_ERROR_NULL_POINTER;
 
     if (NS_SUCCEEDED(rv))
     {
       // The encoded digest is the hexadecimal representation of
       // DIGEST_LENGTH characters, so it will be twice that length.
       nsAutoCStringN<2 * DIGEST_LENGTH> encodedDigest;
@@ -2255,18 +2255,17 @@ int32_t nsPop3Protocol::SendPassword()
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_APOP)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("APOP login")));
     char buffer[5 + 255 + 1 + 2 * DIGEST_LENGTH + 1];
     unsigned char digest[DIGEST_LENGTH];
 
     rv = MSGApopMD5(m_ApopTimestamp.get(), m_ApopTimestamp.Length(),
-                    NS_ConvertUTF16toUTF8(m_passwordResult).get(),  // Or ASCII?
-                    m_passwordResult.Length(), digest);
+                    passwordUTF8.get(), passwordUTF8.Length(), digest);
 
     if (NS_SUCCEEDED(rv))
     {
       // The encoded digest is the hexadecimal representation of
       // DIGEST_LENGTH characters, so it will be twice that length.
       nsAutoCStringN<2 * DIGEST_LENGTH> encodedDigest;
 
       for (uint32_t j = 0; j < DIGEST_LENGTH; j++)
@@ -2302,38 +2301,36 @@ int32_t nsPop3Protocol::SendPassword()
       m_pop3ConData->pause_for_read = false;
       return 0;
     }
 
     char plain_string[513];
     memset(plain_string, 0, 513);
     PR_snprintf(&plain_string[1], 256, "%.255s", m_username.get());
     uint32_t len = std::min(m_username.Length(), 255u) + 2;  // We include two <NUL> characters.
-    NS_ConvertUTF16toUTF8 passwordUTF8(m_passwordResult);
     if (passwordUTF8.Length() > 255)  // RFC 4616: passwd; up to 255 octets
       passwordUTF8.Truncate(255);
     PR_snprintf(&plain_string[len], 256, "%s", passwordUTF8.get());
     len += passwordUTF8.Length();
 
     char *base64Str = PL_Base64Encode(plain_string, len, nullptr);
     cmd.Adopt(base64Str);
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_LOGIN)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("LOGIN password")));
-    NS_LossyConvertUTF16toASCII asciiPassword(m_passwordResult);
-    char * base64Str = PL_Base64Encode(asciiPassword.get(),
-                                       asciiPassword.Length(), nullptr);
+    char *base64Str = PL_Base64Encode(passwordUTF8.get(),
+                                      passwordUTF8.Length(), nullptr);
     cmd.Adopt(base64Str);
   }
   else if (m_currentAuthMethod == POP3_HAS_AUTH_USER)
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Debug, (POP3LOG("PASS password")));
     cmd = "PASS ";
-    cmd += NS_LossyConvertUTF16toASCII(m_passwordResult);
+    cmd += passwordUTF8.get();
   }
   else
   {
     MOZ_LOG(POP3LOGMODULE, LogLevel::Error,
             (POP3LOG("In nsPop3Protocol::SendPassword(), m_currentAuthMethod is %X, "
                      "but that is unexpected"), m_currentAuthMethod));
     return Error("pop3AuthInternalError");
   }