Bug 970123

Summary: AuthPass value containing '=' fails to authenticate
Product: [Fedora] Fedora Reporter: Steeve McCauley <steeve.mccauley>
Component: ssmtpAssignee: manuel wolfshant <manuel.wolfshant>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: manuel.wolfshant
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ssmtp-2.64-7.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-04 00:52:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steeve McCauley 2013-06-03 13:44:34 UTC 
Description of problem:

Version-Release number of selected component (if applicable):
ssmtp-2.64-5.fc18.src.rpm

How reproducible:

Set an AuthPass password containing an '=' and attempt to authenticate.

Steps to Reproduce:
1. set AuthPass value (after '=') with a password containing an '='
2. attempt to send mail
3.

Actual results:

Authentication failed.

Expected results:

Authentication success.

Additional info:

The source code seems to use the same delimiters to get the token (key) as it does to get its value.  The delimiters are set to "= \t\n" for parsing out both the key and the value.

This looks like a regression of bug id #430608.
Comment 1 Steeve McCauley 2013-06-03 15:00:46 UTC 
I noticed that in fedora 17 there were a bunch of patches applied to this package, but apparently are not included in f18.

This patch in particular would solve this issue,

diff -up ssmtp-2.61/ssmtp.c.orig ssmtp-2.61/ssmtp.c
--- ssmtp-2.61/ssmtp.c.orig	2008-11-26 17:27:29.000000000 +0200
+++ ssmtp-2.61/ssmtp.c	2008-11-26 17:25:36.000000000 +0200
@@ -1051,7 +1051,8 @@ bool_t read_config()
 				}
 			}
 			else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) {
-				if((auth_pass = strdup(q)) == (char *)NULL) {
+				auth_pass = firsttok(&rightside, " \n\t");
+				if(auth_pass  == (char *)NULL) {
 					die("parse_config() -- strdup() failed");
 				}
Comment 2 Fedora Update System 2013-06-06 14:10:22 UTC 
ssmtp-2.64-7.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/ssmtp-2.64-7.fc18
Comment 3 Fedora Update System 2013-06-07 02:59:01 UTC 
Package ssmtp-2.64-7.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ssmtp-2.64-7.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10229/ssmtp-2.64-7.fc18
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2013-06-08 20:56:30 UTC 
ssmtp-2.64-7.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/ssmtp-2.64-7.fc19
Comment 5 Fedora Update System 2013-07-04 00:52:26 UTC 
ssmtp-2.64-7.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-07-04 01:00:20 UTC 
ssmtp-2.64-7.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.