All,
This bug was reported on the james-user list. From the bug description: > The behavior is fairly simple - an invalid argument passed into AUTH PLAIN > or > AUTH LOGIN will generate various exceptions that are uncaught by the > doAuth > method of SMTPHandler.java. They are thrown up to handleConnection, which > closes the connection upon receiving the exception. These exceptions need > to > be caught in situ and the appropriate return code generated and sent. I've got a fix for this one in place and am testing. --Peter > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 29, 2002 10:57 AM > To: [EMAIL PROTECTED] > Subject: DO NOT REPLY [Bug 11256] New: - SMTP server unexpectedly kills > connection when received bad parameter for SMTP AUTH > > DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG > RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT > <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11256>. > ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND > INSERTED IN THE BUG DATABASE. > > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11256 > > SMTP server unexpectedly kills connection when received bad parameter for > SMTP AUTH > > Summary: SMTP server unexpectedly kills connection when > received > bad parameter for SMTP AUTH > Product: James > Version: 2.0a3 > Platform: Other > OS/Version: Other > Status: NEW > Severity: Normal > Priority: Other > Component: SMTPServer > AssignedTo: [EMAIL PROTECTED] > ReportedBy: [EMAIL PROTECTED] > > > As reported by Christian Schafer: > > 1027873583831 [INFO ] (smtpserver): Connection from 127.0.0.1 > (127.0.0.1) > 1027873597551 [INFO ] (smtpserver): Command received: EHLO cgshome > 1027873602788 [INFO ] (smtpserver): Command received: AUTH LOGIN > 1027873606664 [DEBUG ] (smtpserver): Exception opening socket: null > java.lang.NullPointerException > at org.apache.james.util.Base64.decodeAsString(Base64.java:36) > at > org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:350) > at org.apache.james.smtpserver.SMTPHandler.parseCommand > (SMTPHandler.java:238) > at org.apache.james.smtpserver.SMTPHandler.handleConnection > (SMTPHandler.java:163) > at > org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run > (Connection.java:167) > at > org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute > (ExecutableRunnable.java:47) > at org.apache.avalon.excalibur.thread.impl.WorkerThread.run > (WorkerThread.java:86) > > > null-pointer exception if username is not base64. > connection terminated. > .. well the connection should not terminate here i think ? > > rfc2554: > If the server cannot BASE64 decode the argument, it rejects the > AUTH command with a 501 reply. If the server rejects the > authentication data, it SHOULD reject the AUTH command with a > 535 reply unless a more specific error code > > > .) same thing for plain: > > > 1027876424636 [INFO ] (smtpserver): Connection from 127.0.0.1 > (127.0.0.1) > 1027876453457 [INFO ] (smtpserver): Command received: EHLO cgshome > 1027876460437 [INFO ] (smtpserver): Command received: AUTH PLAIN > 1027876473476 [DEBUG ] (smtpserver): Exception opening socket: null > java.util.NoSuchElementException > at java.util.StringTokenizer.nextToken(Unknown Source) > at > org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:331) > at org.apache.james.smtpserver.SMTPHandler.parseCommand > (SMTPHandler.java:238) > at org.apache.james.smtpserver.SMTPHandler.handleConnection > (SMTPHandler.java:163) > at > org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run > (Connection.java:167) > at > org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute > (ExecutableRunnable.java:47) > at org.apache.avalon.excalibur.thread.impl.WorkerThread.run > (WorkerThread.java:86) > > > auth plain with no base64 or invalid username. > connection terminated. > > ----------------------- > > The behavior is fairly simple - an invalid argument passed into AUTH PLAIN > or > AUTH LOGIN will generate various exceptions that are uncaught by the > doAuth > method of SMTPHandler.java. They are thrown up to handleConnection, which > closes the connection upon receiving the exception. These exceptions need > to > be caught in situ and the appropriate return code generated and sent. > > -- > To unsubscribe, e-mail: <mailto:james-dev- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:james-dev- > [EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
