pgoldstein 2002/08/11 23:19:01
Modified: src/java/org/apache/james/smtpserver SMTPHandler.java
src/java/org/apache/james/util Base64.java
Log:
This is a bugfix for bug #11256. Code was changed to properly handle
bad AUTH parameters in the SMTP transaction.
Revision Changes Path
1.21 +46 -11
jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandler.java
Index: SMTPHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandler.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- SMTPHandler.java 10 Aug 2002 17:24:02 -0000 1.20
+++ SMTPHandler.java 12 Aug 2002 06:19:01 -0000 1.21
@@ -489,7 +489,7 @@
}
argument = argument.toUpperCase(Locale.US);
if (argument.equals("PLAIN")) {
- String userpass, user, pass;
+ String userpass = null, user = null, pass = null;
StringTokenizer authTokenizer;
if (argument1 == null) {
responseString = "334 OK. Continue authentication";
@@ -500,11 +500,26 @@
} else {
userpass = argument1.trim();
}
- authTokenizer = new
StringTokenizer(Base64.decodeAsString(userpass), "\0");
- user = authTokenizer.nextToken();
- pass = authTokenizer.nextToken();
+ try {
+ if (userpass != null) {
+ userpass = Base64.decodeAsString(userpass);
+ }
+ if (userpass != null) {
+ authTokenizer = new StringTokenizer(userpass, "\0");
+ user = authTokenizer.nextToken();
+ pass = authTokenizer.nextToken();
+ }
+ }
+ catch (Exception e) {
+ // Ignored - this exception in parsing will be dealt
+ // with in the if clause below
+ }
// Authenticate user
- if (users.test(user, pass)) {
+ if ((user == null) || (pass == null)) {
+ responseString = "501 Could not decode parameters for AUTH
PLAIN";
+ out.println(responseString);
+ out.flush();
+ } else if (users.test(user, pass)) {
state.put(AUTH, user);
responseString = "235 Authentication Successful";
out.println(responseString);
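Review bot: The `new StringTokenizer(userpass, "\0")` parse takes the first two non-empty fields as user and password, but an AUTH PLAIN message is authorization-id NUL authentication-id NUL password (RFC 2595). When a client sends a non-empty authorization id, the call becomes `users.test(authzid, authcid)` and the real password field is never read. Checking the field count before the two `nextToken()` calls, e.g. `if (authTokenizer.countTokens() == 3) { authTokenizer.nextToken(); }`, keeps user and pass aligned; leaving both null for any other count so the 501 is sent would be stricter. The `catch (Exception e)` is also wider than the decode failure and `NoSuchElementException` it is meant for, and nothing in the visible lines records why the attempt was rejected. The enclosing method starts and ends outside the hunk.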
@@ -517,7 +532,7 @@
logResponseString(responseString);
return;
} else if (argument.equals("LOGIN")) {
- String user, pass;
+ String user = null, pass = null;
if (argument1 == null) {
responseString = "334 VXNlcm5hbWU6"; // base64 encoded
"Username:"
out.println(responseString);
@@ -527,14 +542,34 @@
} else {
user = argument1.trim();
}
- user = Base64.decodeAsString(user);
+ if (user != null) {
+ try {
+ user = Base64.decodeAsString(user);
+ } catch (Exception e) {
+ // Ignored - this parse error will be
+ // addressed in the if clause below
+ user = null;
+ }
+ }
responseString = "334 UGFzc3dvcmQ6"; // base64 encoded "Password:"
out.println(responseString);
out.flush();
logResponseString(responseString);
- pass = Base64.decodeAsString(in.readLine().trim());
+ pass = in.readLine().trim();
+ if (pass != null) {
+ try {
+ pass = Base64.decodeAsString(pass);
+ } catch (Exception e) {
+ // Ignored - this parse error will be
+ // addressed in the if clause below
+ pass = null;
+ }
+ }
// Authenticate user
- if (users.test(user, pass)) {
+ if ((user == null) || (pass == null)) {
+ responseString = "501 Could not decode parameters for AUTH
LOGIN";
+ out.println(responseString);
+ } else if (users.test(user, pass)) {
state.put(AUTH, user);
responseString = "235 Authentication Successful";
out.println(responseString);
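Review bot: `pass = in.readLine().trim();` dereferences the result of `readLine()` before the `if (pass != null)` test that follows, so that test can never be false. A client that closes the connection after the password prompt makes `readLine()` return null, which throws a NullPointerException on this line instead of reaching the 501 branch. Read into a local first: `String line = in.readLine(); pass = (line == null) ? null : line.trim();`. The 501 branch for LOGIN also has no `out.flush()`, unlike the PLAIN branch, unless a flush follows outside the hunk. The enclosing method continues outside the hunk.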
1.4 +19 -12 jakarta-james/src/java/org/apache/james/util/Base64.java
Index: Base64.java
===================================================================
RCS file: /home/cvs/jakarta-james/src/java/org/apache/james/util/Base64.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Base64.java 18 Jan 2002 02:48:39 -0000 1.3
+++ Base64.java 12 Aug 2002 06:19:01 -0000 1.4
@@ -33,23 +33,30 @@
}
public static String decodeAsString(String b64string) throws Exception {
- return decode(b64string).readLine().trim();
+ if (b64string == null) {
+ return b64string;
+ }
+ String returnString = decode(b64string).readLine();
+ if (returnString == null) {
+ return returnString;
+ }
+ return returnString.trim();
}
public static ByteArrayOutputStream encode(String plaintext)
throws Exception {
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- byte[] in = plaintext.getBytes();
- ByteArrayOutputStream inStream = new ByteArrayOutputStream();
- inStream.write(in, 0, in.length);
- // pad
- if ((in.length % 3 ) == 1){
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ byte[] in = plaintext.getBytes();
+ ByteArrayOutputStream inStream = new ByteArrayOutputStream();
+ inStream.write(in, 0, in.length);
+ // pad
+ if ((in.length % 3 ) == 1){
inStream.write(0);
inStream.write(0);
- } else if((in.length % 3 ) == 2){
+ } else if((in.length % 3 ) == 2){
inStream.write(0);
- }
- inStream.writeTo( MimeUtility.encode(out, "base64") );
+ }
+ inStream.writeTo( MimeUtility.encode(out, "base64") );
return out;
}
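Review bot: `decodeAsString` still returns only `decode(b64string).readLine()` followed by `trim()`, so the decoded credential is altered before SMTPHandler passes it to `users.test`. Everything after the first line terminator is dropped, and leading or trailing characters at or below U+0020, NUL included, are stripped; the new null checks do not change that. The method now has three outcomes (null in gives null out, null when the decoded stream has no line, otherwise the trimmed first line) and none is documented. I would add a Javadoc comment stating those three cases and that the result is the trimmed first line only, and narrow `throws Exception` to the exceptions `decode` can raise. If the full decoded payload is wanted for AUTH, a separate method that does not go through `readLine()`/`trim()` would be safer than changing this one under existing callers.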