[2/4] james-project git commit: JAMES-1954 Allow command injection detection when not yet SMTP sessions

Thu, 16 Mar 2017 06:44:53 -0700 

JAMES-1954 Allow command injection detection when not yet SMTP sessions


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/19e2a150
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/19e2a150
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/19e2a150

Branch: refs/heads/master
Commit: 19e2a150d5a37e5b51836123f4c2465da7f45476
Parents: 190004b
Author: benwa <btell...@linagora.com>
Authored: Thu Mar 16 13:26:16 2017 +0700
Committer: benwa <btell...@linagora.com>
Committed: Thu Mar 16 13:27:38 2017 +0700

----------------------------------------------------------------------
 .../protocols/smtp/AllButStartTlsDelimiterChannelHandler.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/19e2a150/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java
----------------------------------------------------------------------
diff --git 
a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java
 
b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java
index cd3ae21..f371ecd 100644
--- 
a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java
+++ 
b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/AllButStartTlsDelimiterChannelHandler.java
@@ -47,7 +47,7 @@ public class AllButStartTlsDelimiterChannelHandler extends 
DelimiterBasedFrameDe
     protected Object decode(ChannelHandlerContext ctx, Channel channel, 
ChannelBuffer buffer) throws Exception {
         SMTPSession session = (SMTPSession) 
pipeline.getContext(HandlerConstants.CORE_HANDLER).getAttachment();
 
-        if (session.needsCommandInjectionDetection()) {
+        if (session == null || session.needsCommandInjectionDetection()) {
             String trimedLowerCasedInput = 
readAll(buffer).trim().toLowerCase();
             if (hasCommandInjection(trimedLowerCasedInput)) {
                 throw new CommandInjectionDetectedException();


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to