
#417 Invalid handling of SMTP "AUTH PLAIN" (SASL) strings

v3.9.7
closed-fixed
nobody
Smtp (26)
5
2012-02-21
2012-02-18
No

DavMail presupposes that SMTP "AUTH PLAIN" (SASL) authorization string is given in a two-part format "username\000password" (with a possibility for a leading zero). However, e.g. RFC 2595 describes AUTH PLAIN to be given as a three-part string by default:

"The client sends the authorization identity (identity to login as), followed by a US-ASCII NUL character, followed by the authentication identity (identity whose password will be used), followed by a US-ASCII NUL character, followed by the clear-text password. The client may leave the authorization identity empty to indicate that it is the same as the authentication identity." (http://www.rfc-editor.org/rfc/rfc2595.txt, chapter 6)

For example, the e-mail client Sparrow uses AUTH PLAIN/SASL for SMTP authentication with the authorization string formatted as "username\000username\000password", which causes incompatibility with DavMail, and renders in the log as relatively indescriptive error messages ("EWS end point not available" or such).

The bug could be easily fixed in the function decodeCredentials in SmtpConnection.java (working example attached).
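
The three-part layout quoted from RFC 2595 above, together with the two-part form the ticket says DavMail expected, decoded in one place. This is an added Java example, not the attached patch and not DavMail's code; the names `SaslPlainDecoder` and `Credentials`, and the rule that rejects an authorization identity different from the authentication identity, are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class SaslPlainDecoder {
    // Decoded fields; authzid is empty when the client left it out. (Java 16+ record)
    record Credentials(String authzid, String authcid, String password) {}

    static Credentials decode(String base64Response) {
        // Base64.Decoder throws IllegalArgumentException on malformed input
        byte[] raw = Base64.getDecoder().decode(base64Response.trim());
        // limit -1 keeps empty fields, so a leading NUL yields an empty authzid
        String[] parts = new String(raw, StandardCharsets.UTF_8).split("\0", -1);

        String authzid, authcid, password;
        if (parts.length == 3) {            // RFC form: authzid NUL authcid NUL password
            authzid = parts[0];
            authcid = parts[1];
            password = parts[2];
        } else if (parts.length == 2) {     // two-part form the ticket says DavMail expected
            authzid = "";
            authcid = parts[0];
            password = parts[1];
        } else {
            throw new IllegalArgumentException("expected 2 or 3 NUL-separated fields, got " + parts.length);
        }
        if (authcid.isEmpty()) {
            throw new IllegalArgumentException("empty authentication identity");
        }
        // Assumption of this example: no proxy authorization, so a non-empty authzid must match the authcid
        if (!authzid.isEmpty() && !authzid.equals(authcid)) {
            throw new IllegalArgumentException("authorization identity differs from authentication identity");
        }
        return new Credentials(authzid, authcid, password);
    }

    public static void main(String[] args) {
        // Constructed sample messages, not captured traffic
        String[] samples = { "alice\0alice\0s3cret", "\0alice\0s3cret", "alice\0s3cret" };
        for (int i = 0; i < samples.length; i++) {
            String wire = Base64.getEncoder().encodeToString(samples[i].getBytes(StandardCharsets.UTF_8));
            Credentials c = decode(wire);
            // Print the identity and password length only; never log the password or the base64 string
            System.out.println("sample " + i + " -> authcid=" + c.authcid() + " passwordLength=" + c.password().length());
        }
    }
}
```

All three constructed samples decode to the same authentication identity and password, which is the behaviour the ticket asks for; malformed input fails with a specific message instead of surfacing later as an unrelated backend error.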

Discussion

  • Juhana Venäläinen

    Patch example

     
  • Mickael Guessant

    Patch merged, thanks for your contribution

     
  • Mickael Guessant

    • status: open --> open-fixed
     
  • Juhana Venäläinen

    Thanks!

     
  • Juhana Venäläinen

    • status: open-fixed --> closed-fixed
     
