Bug 1796: Allow empty password authentication with FTP servers that prompt for empty passwords

https://winscp.net/tracker/1796

Source commit: de30b2df2f7765dc01f9dbd551264240d1e0ce37

source/core/Common.cpp

@@ -35,7 +35,6 @@ const wchar_t TokenReplacement = wchar_t(true);
 const UnicodeString LocalInvalidChars(TraceInitStr(L"/\\:*?\"<>|"));
 const UnicodeString PasswordMask(TraceInitStr(L"***"));
 const UnicodeString Ellipsis(TraceInitStr(L"..."));
-const UnicodeString EmptyString(TraceInitStr(L"\1\1\1")); // magic
 //---------------------------------------------------------------------------
 UnicodeString ReplaceChar(UnicodeString Str, wchar_t A, wchar_t B)
 {
@@ -4014,16 +4013,6 @@ UnicodeString __fastcall GetFileMimeType(const UnicodeString & FileName)
   return Result;
 }
 //---------------------------------------------------------------------------
-UnicodeString NormalizeString(const UnicodeString & S)
-{
-  UnicodeString Result = S;
-  if (Result == EmptyString)
-  {
-    Result = UnicodeString();
-  }
-  return Result;
-}
-//---------------------------------------------------------------------------
 TStrings * TlsCipherList()
 {
   // OpenSSL initialization happens in NeonInitialize

source/core/Common.h

@@ -29,7 +29,6 @@ extern const wchar_t TokenReplacement;
 extern const UnicodeString LocalInvalidChars;
 extern const UnicodeString PasswordMask;
 extern const UnicodeString Ellipsis;
-extern const UnicodeString EmptyString;
 //---------------------------------------------------------------------------
 extern const UnicodeString HttpProtocol;
 extern const UnicodeString HttpsProtocol;
@@ -67,7 +66,6 @@ UnicodeString RemoveMainInstructionsTag(UnicodeString S);
 UnicodeString UnformatMessage(UnicodeString S);
 UnicodeString RemoveInteractiveMsgTag(UnicodeString S);
 UnicodeString RemoveEmptyLines(const UnicodeString & S);
-UnicodeString NormalizeString(const UnicodeString & S);
 bool IsNumber(const UnicodeString Str);
 extern const wchar_t NormalizedFingerprintSeparator;
 UnicodeString Base64ToUrlSafe(const UnicodeString & S);

source/core/FtpFileSystem.cpp

@@ -371,7 +371,7 @@ void __fastcall TFTPFileSystem::Open()
 
   UnicodeString HostName = Data->HostNameExpanded;
   UnicodeString UserName = Data->UserNameExpanded;
-  UnicodeString Password = NormalizeString(Data->Password);
+  UnicodeString Password = Data->Password;
   UnicodeString Account = Data->FtpAccount;
   UnicodeString Path = Data->RemoteDirectory;
   int ServerType;

source/core/Global.cpp

@@ -6,6 +6,18 @@
 //---------------------------------------------------------------------------
 #pragma package(smart_init)
 //---------------------------------------------------------------------------
+const UnicodeString EmptyString(TraceInitStr(L"\1\1\1")); // magic
+//---------------------------------------------------------------------------
+UnicodeString NormalizeString(const UnicodeString & S)
+{
+  UnicodeString Result = S;
+  if (Result == EmptyString)
+  {
+    Result = UnicodeString();
+  }
+  return Result;
+}
+//---------------------------------------------------------------------------
 // TGuard
 //---------------------------------------------------------------------------
 __fastcall TGuard::TGuard(TCriticalSection * ACriticalSection) :

source/core/Global.h

@@ -11,6 +11,10 @@
 //---------------------------------------------------------------------------
 #include <System.SyncObjs.hpp>
 //---------------------------------------------------------------------------
+extern const UnicodeString EmptyString;
+//---------------------------------------------------------------------------
+UnicodeString NormalizeString(const UnicodeString & S);
+//---------------------------------------------------------------------------
 class TGuard
 {
 public:

source/core/SessionInfo.cpp

@@ -1076,7 +1076,7 @@ UnicodeString __fastcall TSessionLog::LogSensitive(const UnicodeString & Str)
 {
   if (FConfiguration->LogSensitive && !Str.IsEmpty())
   {
-    return Str;
+    return NormalizeString(Str);
   }
   else
   {
@@ -1197,7 +1197,7 @@ void __fastcall TSessionLog::DoAddStartupInfo(TSessionData * Data)
     }
     ADF(L"Host name: %s (%sPort: %d)", (Data->HostNameExpanded, AddressFamily, Data->PortNumber));
     ADF(L"User name: %s (Password: %s, Key file: %s, Passphrase: %s)",
-      (Data->UserNameExpanded, LogSensitive(NormalizeString(Data->Password)),
+      (Data->UserNameExpanded, LogSensitive(Data->Password),
        LogSensitive(Data->PublicKeyFile), LogSensitive(Data->Passphrase)));
     if (Data->UsesSsh)
     {

source/filezilla/FtpControlSocket.cpp

@@ -558,6 +558,11 @@ void CFtpControlSocket::Connect(t_server &server)
   m_Operation.pData = new CLogonData();
 }
 
+static CString NormalizePass(const CString & pass)
+{
+  return CString(NormalizeString(UnicodeString(T2CW(pass))).c_str());
+}
+
 void CFtpControlSocket::LogOnToServer(BOOL bSkipReply /*=FALSE*/)
 {
   int logontype =
@@ -875,8 +880,9 @@ void CFtpControlSocket::LogOnToServer(BOOL bSkipReply /*=FALSE*/)
         for (int i = 0; i < m_CurrentServer.user.GetLength(); i++)
           if (m_CurrentServer.user.GetAt(i) > 127)
             asciiOnly = false;
-        for (int i = 0; i < m_CurrentServer.pass.GetLength(); i++)
-          if (m_CurrentServer.pass.GetAt(i) > 127)
+        CString pass = NormalizePass(m_CurrentServer.pass);
+        for (int i = 0; i < pass.GetLength(); i++)
+          if (pass.GetAt(i) > 127)
             asciiOnly = false;
         for (int i = 0; i < m_CurrentServer.account.GetLength(); i++)
           if (m_CurrentServer.account.GetAt(i) > 127)
@@ -1080,7 +1086,7 @@ void CFtpControlSocket::LogOnToServer(BOOL bSkipReply /*=FALSE*/)
       }
       else if (!needpass || pData->gotPassword)
       {
-        temp=L"PASS "+m_CurrentServer.pass;
+        temp=L"PASS "+NormalizePass(m_CurrentServer.pass);
       }
       else
       {
@@ -1135,7 +1141,7 @@ void CFtpControlSocket::LogOnToServer(BOOL bSkipReply /*=FALSE*/)
       }
       else if (!needpass || pData->gotPassword)
       {
-        temp=L"PASS "+m_CurrentServer.pass+L"@"+GetOption(OPTION_FWPASS);
+        temp=L"PASS "+NormalizePass(m_CurrentServer.pass)+L"@"+GetOption(OPTION_FWPASS);
       }
       else
       {