Package: ssmtp
Version: 2.61-13
The ssmtp config file parser strips out the '=' and ':' characters from the
AuthPass password. It appears this is done because the code is trying to be
"generic" to pre-parse a port specified on the "MailHub" option, but this causes
silent failure of SMTP authentication due to sending a truncated password.
Steps to Reproduce:
1. In /etc/ssmtp/ssmtp.conf set "AuthPass=Pass:Word=in:middle" where the actual
password is "Pass:Word=in:middle"
2. Run ssmtp -d (+other sendmail options) to deliver an email
3. Examine /var/log/maillog to see "Set AuthPass=Pass"
Actual results:
In /var/log/maillog "Set AuthPass=Pass" (and ssmtp delivery failure)
Expected results:
In /var/log/maillog "Set AuthPass=Pass:Word=in:middle" (and ssmtp delivery OK)
Additional info:
The bug has been reported in https://bugzilla.redhat.com/show_bug.cgi?id=430608.
A patch written by the original reporter, Andreas Dilger ([EMAIL PROTECTED]),
is included below.
He also suggested auditing the code in order to see if other options might be
similarly affected.
patch proposed by
--- ssmtp-2.61/ssmtp.c.orig 2008-01-21 14:10:54.000000000 -0700
+++ ssmtp-2.61/ssmtp.c 2008-01-21 15:17:15.000000000 -0700
@@ -1044,7 +1048,8 @@
}
}
else if(strcasecmp(p, "AuthPass") == 0 && !auth_pass) {
- if((auth_pass = strdup(q)) == (char *)NULL) {
+ auth_pass = firsttok(&rightside, " \n\t");
+ if(auth_pass == (char *)NULL) {
die("parse_config() -- strdup()
failed");
}
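Review bot: The die() message in the unchanged context below the added lines still reads "parse_config() -- strdup() failed", although the added line assigns auth_pass from firsttok(&rightside, " \n\t") and strdup is no longer called; the message should be updated so that a failure here points at the right call. The delimiter string " \n\t" also suggests the token ends at the first space or tab, so it is worth confirming that a password containing whitespace is not cut short in the same silent way. Finally, auth_pass now holds whatever firsttok returns rather than a private strdup copy, so check that the buffer behind rightside is not reused or freed while auth_pass is still needed.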
I have tried to apply the patch from http://bugs.debian.org/448037 but it did
not have the desired effect.
Best regards
manuel (maintainer of the Fedora and EPEL ssmtp package)
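
The truncation described in this report, as an added example that is not ssmtp code and not part of the original message: value_generic() models the reported behaviour by cutting the value at the first '=' or ':', while value_opaque() splits only at the first '=' and keeps the rest of the line. Both function names, copy_value() and VAL_MAX are hypothetical; the sample line is constructed from the password given in the report.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 256

/* Copy len bytes of src into a static buffer; NULL if it does not fit. */
static const char *copy_value(const char *src, size_t len)
{
    static char buf[VAL_MAX];
    if (len >= sizeof(buf))
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

/* Hypothetical model of the reported behaviour: the value is cut at the
 * first '=' or ':' as if every option could carry a host:port pair. */
static const char *value_generic(const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return NULL;
    return copy_value(eq + 1, strcspn(eq + 1, "=: \t\r\n"));
}

/* Hypothetical opaque-value parse: split at the first '=' only, keep the
 * rest of the line byte for byte, and drop just the line ending. */
static const char *value_opaque(const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return NULL;
    return copy_value(eq + 1, strcspn(eq + 1, "\r\n"));
}

int main(void)
{
    /* Constructed config line using the password from the report. */
    const char *line = "AuthPass=Pass:Word=in:middle\n";

    /* The helpers share one static buffer, so print each result at once. */
    printf("generic: %s\n", value_generic(line));
    printf("opaque:  %s\n", value_opaque(line));
    return 0;
}
```

Comparing the two results for every option that carries a secret (not only AuthPass) is one way to carry out the audit suggested above.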