Bug 3325 - Password conversion from plaintext to encrypted does not handle ! as first char of plaintext password
Status: RESOLVED WONTFIX
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Other
Version: 3.10.1
Hardware: PC Linux
Importance: P3 normal
Assignee: users
Reported: 2014-11-09 01:21 CET by Marvin
Modified: 2017-04-29 14:47 CEST
Description Marvin 2014-11-09 01:21:32 CET
Password conversion from plaintext to encrypted does not handle ! as first char of plaintext password. If you migrate from sylpheed to claws you will encounter this problem. Should be a simple fix, I haven't looked at the code.
Comment 1 Paul 2014-11-09 13:14:39 CET
(In reply to comment #0)
>  Should be a simple fix, I haven't looked at the code.

Waiting for your patch, in that case.
Comment 2 Marvin 2014-11-09 22:15:46 CET
Good point but maybe I meant "should be simple, for someone that knows the code".
Can you point me to the code to look at? I did look around a little.
Comment 3 Marvin 2014-11-10 20:08:31 CET
I've looked some more and ended up looking at passcrypt. I'm wondering if it's something to do with gchar which is c char which is by default signed on gcc but in passcrypt the crypt functions want unsigned.

When I encountered the problem my first thought was that some escaping of ! didn't happen somewhere but I don't find anything to support that thought.
Comment 4 Marvin 2014-11-13 18:26:02 CET
Ok nothing to do with signedness.  That's what -Wno-pointer-sign is for.

But I wonder if anyone seeing this bug report knew right away what the problem was/is.

I looked at .claws-mail/accountrc and notice that each encrypted password begins with a !

Like so:
password=!abdCeF10293=
smtp_password=!etcetcetc=
in_ssl_client_cert_pass=!fubarfoobarorbarfoo=
out_ssl_client_cert_pass=!yesnoormaybeyes=

Or like this when no password has been set:

password=!


Why this has to be I can guess at but maybe someone knows exactly why.

My guess:
someone decided to use ! as a demarcation for the beginning of a
base64 encoded encrypted password string.

And somewhere, while encrypting, the ! is removed from unencrypted password strings.
Comment 5 Marvin 2014-11-13 18:37:08 CET
I need to be explicit. And somewhere, while encrypting, the ! is removed from unencrypted password string when the ! occurs as the first char of the unencrypted password string.
Comment 6 Andrej Kacian 2017-04-29 14:47:45 CEST
When Claws Mail looks at the password in the preferences and sees it prefixed with '!', it assumes that what comes after the '!' is already encrypted. That is why this problem exists - if migrating from very old configuration, where passwords were stored directly in plaintext, any password starting with '!' will be problematic.

Unfortunately, at this point, I doubt anyone is going to spend their time fixing this corner case. Especially since Claws Mail has already moved on to yet another system for storing passwords.
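
The following is an added example, not part of the bug thread and not Claws Mail's code. It models the in-band '!' marker described in comment 6 and shows a stricter check a migration step could apply to legacy values. All function and enum names are hypothetical, the sample values are constructed, and the padded base64 encoding of the encrypted part is an assumption taken from the accountrc lines in comment 4.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical classification of one stored password value. */
enum pw_kind { PW_EMPTY, PW_PLAINTEXT, PW_MARKED_EMPTY, PW_AMBIGUOUS };

/* Naive rule described in comment 6: a leading '!' means "already encrypted". */
int naive_is_encrypted(const char *v)
{
    return v != NULL && v[0] == '!';
}

/* Return 1 if s is well-formed padded base64 (assumed encoding). */
static int is_base64(const char *s)
{
    size_t n = strlen(s), i, pad = 0;

    if (n == 0 || n % 4 != 0)
        return 0;
    while (pad < 2 && s[n - 1 - pad] == '=')
        pad++;
    for (i = 0; i < n - pad; i++) {
        char c = s[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '+' || c == '/'))
            return 0;
    }
    return 1;
}

/* Stricter check: trust the marker only when the remainder could actually
 * be ciphertext; anything else must be a legacy plaintext password. */
enum pw_kind classify_stored_password(const char *v)
{
    if (v == NULL || v[0] == '\0')
        return PW_EMPTY;
    if (v[0] != '!')
        return PW_PLAINTEXT;
    if (v[1] == '\0')
        return PW_MARKED_EMPTY;   /* "password=!": no password set */
    if (!is_base64(v + 1))
        return PW_PLAINTEXT;      /* '!' belongs to the password itself */
    return PW_AMBIGUOUS;          /* marker + valid base64: confirm by decrypting */
}
```

The `PW_AMBIGUOUS` case cannot be settled by inspection: a plaintext password such as `!abcd` has the same shape as a marked value, which is the limitation of signalling the storage format inside the value itself.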