Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.6.1
-
None
-
None
Description
The validation/jail break detection of a file url within DefaultJamesResourceLoader is breaking FileMailRepository initialization.
Within org.apache.james.container.spring.context.JamesServerApplicationContext:40 the resource loader is being initialized with root directory ../.
When attempting to intialize file mail repository with url file://var/mail/error, the validation of the file url will throw an IOException in org.apache.james.container.spring.resource.DefaultJamesResourceLoader.validate(DefaultJamesResourceLoader.java:51):
C:\SomeFolder\james-server-app-3.6.1\var\mail\error jail break outside of ../
As within JamesServerResourceLoader the root directory ../ is not resolved to a real path, the string startsWith checks within DefaultJamesResourceLoader.validate are failing and will throw an IOException.
2021-12-09T11:00:23.495 DEBUG [main] org.apache.james.container.spring.bean.factory.mailrepositorystore.MailRepositoryStoreBeanFactory - obtained repository: org.apache.james.mailrepository.file.FileMailRepository to handle: file 2021-12-09T11:00:23.502 DEBUG [main] org.apache.james.mailrepository.file.FileMailRepository - FileMailRepository.destinationURL: file://var/mail/error 2021-12-09T11:00:23.503 INFO [main] org.apache.james.repository.file.AbstractFileRepository - Init org.apache.james.repository.file.FilePersistentObjectRepository Store 2021-12-09T11:00:23.504 ERROR [main] org.apache.james.mailrepository.file.FileMailRepository - Failed to retrieve Store component org.apache.commons.configuration2.ex.ConfigurationException: Unable to acces destination file://var/mail/error at org.apache.james.repository.file.AbstractFileRepository.setDestination(AbstractFileRepository.java:151) ~[james-server-data-library-3.6.1.jar:3.6.1] at org.apache.james.repository.file.AbstractFileRepository.init(AbstractFileRepository.java:84) ~[james-server-data-library-3.6.1.jar:3.6.1] at org.apache.james.mailrepository.file.FileMailRepository.init(FileMailRepository.java:140) [james-server-data-file-3.6.1.jar:3.6.1] ... Caused by: java.io.IOException: C:\SomeFolder\james-server-app-3.6.1\var\mail\error jail break outside of ../ at org.apache.james.container.spring.resource.DefaultJamesResourceLoader.validate(DefaultJamesResourceLoader.java:51) ~[james-server-spring-3.6.1.jar:3.6.1] at org.apache.james.container.spring.context.JamesServerApplicationContext.validate(JamesServerApplicationContext.java:48) ~[james-server-spring-3.6.1.jar:3.6.1] at org.apache.james.container.spring.filesystem.ResourceLoaderFileSystem.getFileWithinBaseDir(ResourceLoaderFileSystem.java:63) ~[james-server-spring-3.6.1.jar:3.6.1] at org.apache.james.repository.file.AbstractFileRepository.setDestination(AbstractFileRepository.java:149) ~[james-server-data-library-3.6.1.jar:3.6.1]
Attachments
Attachments
Issue Links
- is broken by
-
JAMES-3646 Review of file based components
- Closed