JAMES-1954 Allow command injection detection when not yet SMTP sessions
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/19e2a150 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/19e2a150 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/19e2a150 Branch: refs/heads/master Commit: 19e2a150d5a37e5b51836123f4c2465da7f45476 Parents: 190004b Author: benwa <btell...@linagora.com> Authored: Thu Mar 16 13:26:16 2017 +0700 Committer: benwa <btell...@linagora.com> Committed: Thu Mar 16 13:27:38 2017 +0700 ---------------------------------------------------------------------- .../protocols/smtp/AllButStartTlsDelimiterChannelHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/19e2a150/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java ---------------------------------------------------------------------- diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java index cd3ae21..f371ecd 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java @@ -47,7 +47,7 @@ public class AllButStartTlsDelimiterChannelHandler extends DelimiterBasedFrameDe protected Object decode(ChannelHandlerContext ctx, Channel channel, ChannelBuffer buffer) throws Exception { SMTPSession session = (SMTPSession) pipeline.getContext(HandlerConstants.CORE_HANDLER).getAttachment(); - if (session.needsCommandInjectionDetection()) { + if (session == null || session.needsCommandInjectionDetection()) { String trimedLowerCasedInput = readAll(buffer).trim().toLowerCase(); if (hasCommandInjection(trimedLowerCasedInput)) { throw new CommandInjectionDetectedException(); --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org