  1. James Server
  2. JAMES-47

SMTP server unexpectedly kills connection when received bad parameter for SMTP AUTH

Details

    • Bug
    • Status: Closed
    • Resolution: Fixed
    • 2.0a3
    • None
    • SMTPServer
    • None
    • Operating System: Other
      Platform: Other
    • 11256

    Description

      As reported by Christian Schafer:

      1027873583831 [INFO ] (smtpserver): Connection from 127.0.0.1 (127.0.0.1)
      1027873597551 [INFO ] (smtpserver): Command received: EHLO cgshome
      1027873602788 [INFO ] (smtpserver): Command received: AUTH LOGIN
      1027873606664 [DEBUG ] (smtpserver): Exception opening socket: null
      java.lang.NullPointerException
      at org.apache.james.util.Base64.decodeAsString(Base64.java:36)
      at org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:350)
      at org.apache.james.smtpserver.SMTPHandler.parseCommand(SMTPHandler.java:238)
      at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:163)
      at org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run(Connection.java:167)
      at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
      at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:86)

      null-pointer exception if username is not base64.
      connection terminated.
      .. well, the connection should not terminate here, I think?

      rfc2554:
      If the server cannot BASE64 decode the argument, it rejects the
      AUTH command with a 501 reply. If the server rejects the
      authentication data, it SHOULD reject the AUTH command with a
      535 reply unless a more specific error code

      .) same thing for plain:

      1027876424636 [INFO ] (smtpserver): Connection from 127.0.0.1 (127.0.0.1)
      1027876453457 [INFO ] (smtpserver): Command received: EHLO cgshome
      1027876460437 [INFO ] (smtpserver): Command received: AUTH PLAIN
      1027876473476 [DEBUG ] (smtpserver): Exception opening socket: null
      java.util.NoSuchElementException
      at java.util.StringTokenizer.nextToken(Unknown Source)
      at org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:331)
      at org.apache.james.smtpserver.SMTPHandler.parseCommand(SMTPHandler.java:238)
      at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:163)
      at org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run(Connection.java:167)
      at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
      at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:86)

      auth plain with no base64 or invalid username.
      connection terminated.

      -----------------------

      The behavior is fairly simple - an invalid argument passed into AUTH PLAIN or
      AUTH LOGIN will generate various exceptions that are uncaught by the doAUTH
      method of SMTPHandler.java. They are thrown up to handleConnection, which
      closes the connection upon receiving the exception. These exceptions need to
      be caught in situ and the appropriate return code generated and sent.
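
An added sketch of the in-situ handling described above; it is not James source code. The class and method names and the reply text are hypothetical, and `java.util.Base64` with `String.split` stands in for the `org.apache.james.util.Base64` and `StringTokenizer` calls seen in the stack traces. A missing or undecodable AUTH argument becomes a 501 reply instead of an exception that reaches `handleConnection`.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration, not James code. All names here are hypothetical.
public class AuthArgumentCheck {

    /** Decode a base64 AUTH argument; return null instead of throwing on bad input. */
    static String decodeOrNull(String arg) {
        if (arg == null || arg.trim().isEmpty()) {
            return null;                        // missing argument (the NullPointerException case)
        }
        try {
            byte[] raw = Base64.getDecoder().decode(arg.trim());
            return new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {  // argument is not valid base64
            return null;
        }
    }

    /** Reply for an AUTH PLAIN argument of the form [authzid] NUL authcid NUL passwd. */
    static String replyForPlain(String arg) {
        String decoded = decodeOrNull(arg);
        if (decoded == null) {
            return "501 Could not decode parameters for AUTH PLAIN"; // reply text is an assumption
        }
        // Limit -1 keeps empty fields, so a short message is detected by its
        // field count rather than by a NoSuchElementException from a tokenizer.
        String[] parts = decoded.split("\0", -1);
        if (parts.length != 3 || parts[1].isEmpty()) {
            return "501 Could not decode parameters for AUTH PLAIN";
        }
        // Credential verification is out of scope; a failed check would get a 535 reply.
        return "parsed user=" + parts[1];       // placeholder result, not an SMTP reply
    }

    public static void main(String[] args) {
        String good = Base64.getEncoder()
                .encodeToString("\0alice\0secret".getBytes(StandardCharsets.UTF_8));
        // Constructed inputs: missing, not base64, base64 without NUL separators, well-formed.
        String[] samples = { null, "not*base64", "YWxpY2U=", good };
        for (String s : samples) {
            System.out.println(s + " -> " + replyForPlain(s));
        }
    }
}
```

The same `decodeOrNull` guard applies to each AUTH LOGIN response line, so the session stays open and the client receives a reply code after a malformed argument.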

          People

            Unassigned Unassigned
            farsight@alum.mit.edu Peter M. Goldstein