GNU bug report logs - #34458
27.0.50; Gnus's nnimap truncates password

Previous Next

Package: emacs;

Reported by: Amin Bandali <bandali <at> gnu.org>

Date: Tue, 12 Feb 2019 16:50:02 UTC

Severity: normal

Tags: fixed

Found in version 27.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Amin Bandali <bandali <at> gnu.org>
Cc: 34458 <at> debbugs.gnu.org
Subject: bug#34458: 27.0.50; Gnus's nnimap truncates password
Date: Thu, 04 Jul 2019 15:23:55 +0200

Amin Bandali <bandali <at> gnu.org> writes:

> Have you tried reproducing this on your end?

No, but the code is:

(defun nnimap-login (user password)
  (cond
   ;; Prefer plain LOGIN if it's enabled (since it requires fewer
   ;; round trips than CRAM-MD5, and it's less likely to be buggy),
   ;; and we're using an encrypted connection.
   ((and (not (nnimap-capability "LOGINDISABLED"))

[...]

    (nnimap-command "LOGIN %S %S" user password))

[...]

   ((and (not (nnimap-capability "LOGINDISABLED"))

[...]

    (nnimap-command "LOGIN %S %S" user password))
   ((and (nnimap-capability "AUTH=PLAIN")

[...]

    (nnimap-command
     "AUTHENTICATE PLAIN %s"
     (base64-encode-string
      (format "\000%s\000%s"
	      (nnimap-quote-specials user)
	      (nnimap-quote-specials password)))))))

so if you're using any of the plain LOGIN things to the IMAP server,
there's really no code in there that I can see that can truncate
anything...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.