[JAMES-1724] JPAUsersRepository fails with exception when login via SMTP contains \0 symbol - ASF JIRA

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: SMTPServer
Labels:
- easyfix
- security

Description

JPAUsersRepository throws exception if login provided in AUTH request contains zero symbol (\0).

Precondition:
James must use JPA store.

Steps to reproduce:
Connect to server via SMTP and execute commands:
HELO servername
AUTH LOGIN
AA==
AA==

Actual behavior:
Server refuses login (good) and throws exception (not good).
Exception log:

INFO   | jvm 1    | 2016/04/21 00:34:01 | org.apache.james.user.api.UsersRepositoryException: Unable to search user
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:84)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.test(JPAUsersRepository.java:202)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.smtpserver.UsersRepositoryAuthHook.doAuth(UsersRepositoryAuthHook.java:64)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest(AuthCmdHandler.java:350)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doLoginAuthPassCheck(AuthCmdHandler.java:319)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.access$400(AuthCmdHandler.java:60)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$3.onCommand(AuthCmdHandler.java:297)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.handleCommand(AuthCmdHandler.java:106)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:88)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:76)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.netty.LineHandlerUpstreamHandler.messageReceived(LineHandlerUpstreamHandler.java:50)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.messageReceived(SimpleChannelUpstreamHandler.java:129)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.run(ChannelUpstreamEventRunnable.java:44)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:312)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.lang.Thread.run(Thread.java:745)
INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: <openjpa-2.2.1-r422266:1396819 fatal general error> org.apache.openjpa.persistence.PersistenceException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
INFO   | jvm 1    | 2016/04/21 00:34:01 | FailedObject: SELECT user FROM JamesUser user WHERE user.name=:name [java.lang.String]
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:4958)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.DBDictionary.newStoreException(DBDictionary.java:4918)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:136)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:118)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:70)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.handleCheckedException(SelectResultObjectProvider.java:155)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:40)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.toResult(QueryImpl.java:1251)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:1007)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:863)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:794)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.DelegatingQuery.execute(DelegatingQuery.java:542)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.execute(QueryImpl.java:286)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.getResultList(QueryImpl.java:302)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.getSingleResult(QueryImpl.java:330)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:79)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	... 22 more
INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:203)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$700(LoggingConnectionDecorator.java:59)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeQuery(LoggingConnectionDecorator.java:1118)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.PostgresDictionary$PostgresPreparedStatement.executeQuery(PostgresDictionary.java:1019)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeQuery(JDBCStoreManager.java:1774)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:255)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.executeQuery(SelectImpl.java:499)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:424)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:391)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion$UnionSelect.execute(LogicalUnion.java:427)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:230)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:220)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.open(SelectResultObjectProvider.java:94)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:34)
INFO   | jvm 1    | 2016/04/21 00:34:01 | 	... 31 more
INFO   | jvm 1    | 2016/04/21 00:34:01 | ERROR 01:34:01,751 | james.smtpserver | Id='8528085' User='' AUTH method LOGIN failed from

JPAUsersRepository fails with exception when login via SMTP contains \0 symbol

Details

Description

Attachments

Activity

People

Dates