Bug 430608 - ssmtp cannot parse AuthPass with '=' or ':' in it
ssmtp cannot parse AuthPass with '=' or ':' in it
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: ssmtp (Show other bugs)
8
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: manuel wolfshant
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-28 19:04 EST by Andreas Dilger
Modified: 2008-11-26 21:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-26 12:09:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
don't use the parsed value, use the raw "rightside" value for password (412 bytes, patch)
2008-01-28 19:04 EST, Andreas Dilger
no flags Details | Diff

  None (edit)
Description Andreas Dilger 2008-01-28 19:04:53 EST
Description of problem:
The ssmtp config file parser strips out the '=' and ':' characters from the
AuthPass password.  It appears this is done because the code is trying to be
"generic" to pre-parse a port specified on the "MailHub" option, but this causes
silent failure of SMTP authentication due to sending a truncated password.

Version-Release number of selected component (if applicable):
ssmtp-2.61-11.5.fc8.1

How reproducible:
completely reproducible

Steps to Reproduce:
1. in /etc/ssmtp/ssmtp.conf set "AuthPass=Pass:Word=in:middle" where the actual
password is "Pass:Word=in:middle"
2. run ssmtp -d (+other sendmail options) to deliver an email
3. examine /var/log/maillog to see "Set AuthPass=Pass"
  
Actual results:
In /var/log/maillog "Set AuthPass=Pass" (and ssmtp delivery failure)

Expected results:
In /var/log/maillog "Set AuthPass=Pass:Word=in:middle" (and ssmtp delivery OK)

Additional info:
Patch to fix this for me to be attached.  It might also be desirable to examine
the other "values" to see if they can be similarly affected.
Comment 1 Andreas Dilger 2008-01-28 19:04:53 EST
Created attachment 293223 [details]
don't use the parsed value, use the raw "rightside" value for password
Comment 2 manuel wolfshant 2008-01-28 20:01:09 EST
I'll announce upstream
Comment 3 manuel wolfshant 2008-01-28 21:24:36 EST
The problems seems to be already known upstream, but they have not yet released
a patched version.

Could you please test using the rpms available (for rawhide) at
http://koji.fedoraproject.org/koji/getfile?taskID=379755&name=build.log ?
 In case you want to build your own, the src rpm is available at
http://wolfy.fedorapeople.org/ssmtp-2.61-11.6.fc7.src.rpm
Comment 4 manuel wolfshant 2008-01-28 21:26:08 EST
Sorry, I meant rpms available at
http://koji.fedoraproject.org/koji/taskinfo?taskID=379751
Comment 5 Andreas Dilger 2008-01-29 19:01:36 EST
(In reply to comment #3)
> The problems seems to be already known upstream, but they have not yet released
> a patched version.
> 
> Could you please test using the rpms available (for rawhide) at
> http://koji.fedoraproject.org/koji/getfile?taskID=379755&name=build.log ?
>  In case you want to build your own, the src rpm is available at
> http://wolfy.fedorapeople.org/ssmtp-2.61-11.6.fc7.src.rpm

The rawhide RPM doesn't install on my FC8 because of different library versions.
 I downloaded, built, and tested the .src.rpm and was able to reproduce the
broken behaviour (password being truncated).  Looking at the source code of this
release shows no changes in the parsing or handling of the auth_pass value at
all (it is still "tokenized" with = and : before being used), so I don't see any
way that the problem could be fixed.
Comment 6 manuel wolfshant 2008-01-30 09:24:12 EST
Bug reported upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463196
Comment 7 Bug Zapper 2008-11-26 04:37:12 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 manuel wolfshant 2008-11-26 12:09:34 EST
patch applied in ssmtp-11.7 which show in the repos soon
Comment 9 Fedora Update System 2008-11-26 12:17:26 EST
ssmtp-2.61-11.7.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc8
Comment 10 Fedora Update System 2008-11-26 12:19:40 EST
ssmtp-2.61-11.7.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc9
Comment 11 Fedora Update System 2008-11-26 12:20:37 EST
ssmtp-2.61-11.7.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc10
Comment 12 Fedora Update System 2008-11-26 21:09:10 EST
ssmtp-2.61-11.7.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-11-26 21:10:01 EST
ssmtp-2.61-11.7.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2008-11-26 21:11:00 EST
ssmtp-2.61-11.7.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.