Debian Bug report logs -
#463196
ssmtp cannot parse AuthPass with '=' or ':' in it
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#463196; Package ssmtp.
(full text, mbox, link).
Acknowledgement sent to manuel wolfshant <wolfy@fedoraproject.org>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: ssmtp
Version: 2.61-13
The ssmtp config file parser strips out the '=' and ':' characters from the
AuthPass password. It appears this is done because the code is trying to be
"generic" to pre-parse a port specified on the "MailHub" option, but this causes
silent failure of SMTP authentication due to sending a truncated password.
Steps to Reproduce:
1. in /etc/ssmtp/ssmtp.conf set "AuthPass=Pass:Word=in:middle" where the actual
password is "Pass:Word=in:middle"
2. run ssmtp -d (+other sendmail options) to deliver an email
3. examine /var/log/maillog to see "Set AuthPass=Pass"
Actual results:
In /var/log/maillog "Set AuthPass=Pass" (and ssmtp delivery failure)
Expected results:
In /var/log/maillog "Set AuthPass=Pass:Word=in:middle" (and ssmtp delivery OK)
Additional info:
The bug has been reported in https://bugzilla.redhat.com/show_bug.cgi?id=430608.
A patch written by the original reporter, Andreas Dilger (adilger@dilger.ca <mailto:adilger@dilger.ca>) is included below.
He also suggested auditing the code in order to see if other options might be similarly affected.
patch proposed by
--- ssmtp-2.61/ssmtp.c.orig 2008-01-21 14:10:54.000000000 -0700
+++ ssmtp-2.61/ssmtp.c 2008-01-21 15:17:15.000000000 -0700
@@ -1044,7 +1048,8 @@
}
}
else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) {
- if((auth_pass = strdup(q)) == (char *)NULL) {
+ auth_pass = firsttok(&rightside, " \n\t");
+ if(auth_pass == (char *)NULL) {
die("parse_config() -- strdup() failed");
}
I have tried to apply the patch from http://bugs.debian.org/448037 but it did not have the desired effect.
Best regards
manuel (maintainer of the Fedora and EPEL ssmtp package)
Tags added: patch
Request was from Aníbal Monsalve Salazar <anibal@debian.org>
to control@bugs.debian.org.
(Wed, 16 Apr 2008 12:18:31 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#463196; Package ssmtp.
(Thu, 25 Jul 2013 02:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Sokołowski Michał <msokolowski@inbox.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(Thu, 25 Jul 2013 02:45:04 GMT) (full text, mbox, link).
Message #12 received at 463196@bugs.debian.org (full text, mbox, reply):
There is the same problem with "#".
I'm using last package from debian Lenny.
In my password "#" sign was at end of my password.
____________________________________________________________
GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at http://www.inbox.com/smileys
Works with AIM®, MSN® Messenger, Yahoo!® Messenger, ICQ®, Google Talk™ and most webmails
Marked as found in versions ssmtp/2.64-8.
Request was from Reiner Herrmann <reiner@reiner-h.de>
to control@bugs.debian.org.
(Fri, 25 Oct 2019 16:42:04 GMT) (full text, mbox, link).
Merged 463196 768129
Request was from Reiner Herrmann <reiner@reiner-h.de>
to control@bugs.debian.org.
(Fri, 25 Oct 2019 16:42:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Jul 6 04:10:17 2024;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.