btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new b38df6f JAMES-3634 Sanitize invalid literal sie parsing
b38df6f is described below
commit b38df6f774f9c1e7eb2100dd06a27f6d6b2e2dd9
Author: Benoit Tellier <[email protected]>
AuthorDate: Tue Aug 24 14:30:00 2021 +0700
JAMES-3634 Sanitize invalid literal sie parsing
---
.../james/imap/decode/ImapRequestLineReader.java | 11 +++-
.../james/imap/decode/parser/SelectParserTest.java | 67 ++++++++++++++++++++++
2 files changed, 76 insertions(+), 2 deletions(-)
diff --git
a/protocols/imap/src/main/java/org/apache/james/imap/decode/ImapRequestLineReader.java
b/protocols/imap/src/main/java/org/apache/james/imap/decode/ImapRequestLineReader.java
index 9aa23fe..475966e 100644
---
a/protocols/imap/src/main/java/org/apache/james/imap/decode/ImapRequestLineReader.java
+++
b/protocols/imap/src/main/java/org/apache/james/imap/decode/ImapRequestLineReader.java
@@ -429,8 +429,15 @@ public abstract class ImapRequestLineReader {
commandContinuationRequest();
}
- int size = Integer.parseInt(digits.toString());
- return ImmutablePair.of(size, read(size, extraCRLF));
+ try {
+ int size = Integer.parseInt(digits.toString());
+ if (size < 0) {
+ throw new
DecodingException(HumanReadableText.ILLEGAL_ARGUMENTS, "Expected a valid
positive number as literal size");
+ }
+ return ImmutablePair.of(size, read(size, extraCRLF));
+ } catch (NumberFormatException e) {
+ throw new DecodingException(HumanReadableText.ILLEGAL_ARGUMENTS,
"Expected a valid positive number as literal size");
+ }
}
private String decode(Charset charset, ByteBuffer buffer) throws
DecodingException {
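Review bot: The added `if (size < 0)` guard rejects negative sizes but sets no upper bound, so any client-supplied value up to Integer.MAX_VALUE still reaches `read(size, extraCRLF)`. How read() allocates is not visible here (the enclosing method begins above the hunk and read() is defined elsewhere); if it buffers the whole literal in memory, a cap belongs in this check, for example `if (size < 0 || size > MAX_LITERAL_SIZE)`, where MAX_LITERAL_SIZE is a placeholder for a configured limit. The try block also encloses the read() call, so a NumberFormatException raised inside read() would be reported as a bad literal size; parsing into a local inside the try and calling read() after it keeps the catch narrow. Since a size of 0 passes the check, the message would be more accurate as `"Expected a valid non-negative number as literal size"`.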
diff --git
a/protocols/imap/src/test/java/org/apache/james/imap/decode/parser/SelectParserTest.java
b/protocols/imap/src/test/java/org/apache/james/imap/decode/parser/SelectParserTest.java
new file mode 100644
index 0000000..e0a62b0
--- /dev/null
+++
b/protocols/imap/src/test/java/org/apache/james/imap/decode/parser/SelectParserTest.java
@@ -0,0 +1,67 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.imap.decode.parser;
+
+import static org.apache.james.imap.ImapFixture.TAG;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.apache.james.imap.api.message.response.StatusResponseFactory;
+import org.apache.james.imap.decode.DecodingException;
+import org.apache.james.imap.decode.ImapRequestStreamLineReader;
+import org.junit.jupiter.api.Test;
+
+class SelectParserTest {
+ @Test
+ void emptyLiteralShouldThrow() {
+ SelectCommandParser parser = new
SelectCommandParser(mock(StatusResponseFactory.class));
+ String commandString = "{}";
+ InputStream inputStream = new
ByteArrayInputStream(commandString.getBytes());
+ ImapRequestStreamLineReader lineReader = new
ImapRequestStreamLineReader(inputStream, null);
+
+ assertThatThrownBy(() -> parser.decode(lineReader, TAG, null))
+ .isInstanceOf(DecodingException.class);
+ }
+
+ @Test
+ void negativeLiteralShouldThrow() {
+ SelectCommandParser parser = new
SelectCommandParser(mock(StatusResponseFactory.class));
+ String commandString = "{-1}";
+ InputStream inputStream = new
ByteArrayInputStream(commandString.getBytes());
+ ImapRequestStreamLineReader lineReader = new
ImapRequestStreamLineReader(inputStream, null);
+
+ assertThatThrownBy(() -> parser.decode(lineReader, TAG, null))
+ .isInstanceOf(DecodingException.class);
+ }
+
+ @Test
+ void invalidLiteralShouldThrow() {
+ SelectCommandParser parser = new
SelectCommandParser(mock(StatusResponseFactory.class));
+ String commandString = "{invalid}";
+ InputStream inputStream = new
ByteArrayInputStream(commandString.getBytes());
+ ImapRequestStreamLineReader lineReader = new
ImapRequestStreamLineReader(inputStream, null);
+
+ assertThatThrownBy(() -> parser.decode(lineReader, TAG, null))
+ .isInstanceOf(DecodingException.class);
+ }
+}
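Review bot: All three tests assert only `isInstanceOf(DecodingException.class)`, so they would still pass if decode() rejected the input for a reason unrelated to the literal size, such as a malformed SELECT argument. Pinning the cause, for instance with `.hasMessageContaining("literal size")` (assuming DecodingException exposes the second constructor argument as its message), would tie each test to the new check. There is no case for a size beyond the int range such as `"{2147483648}"`, which takes the NumberFormatException path, nor for a very large but valid size. `commandString.getBytes()` uses the platform default charset; `getBytes(StandardCharsets.US_ASCII)` makes the input bytes deterministic.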