[ 
https://issues.apache.org/jira/browse/JAMES-3620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17388546#comment-17388546
 ] 

Benoit Tellier commented on JAMES-3620:
---------------------------------------

Ok, got it, we need to whitelist the commands before registering them in the 
hashmap.

This bug can be leveraged to mount DOS attacks via memory exhaustion.

> Memory leak at org.apache.james.protocols.smtp.core.AbstractHookableCmdHandler
> ------------------------------------------------------------------------------
>
>                 Key: JAMES-3620
>                 URL: https://issues.apache.org/jira/browse/JAMES-3620
>             Project: James Server
>          Issue Type: Improvement
>          Components: Metrics, protocols, SMTPServer
>            Reporter: tuister
>            Priority: Blocker
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> For each command, the command handler will use a timer to record the rt. So, if 
> someone inputs error commands, the command handler will create a new timer to 
> record them, and this will cause a memory leak.
> {code:java}
> //AbstractHookableCmdHandler#onCommand
> //see also org.apache.james.protocols.smtp.core.UnknownCmdHandler
> TimeMetric timeMetric = metricFactory.timer("SMTP-" + request.getCommand().toLowerCase(Locale.US));
> {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
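
The allowlisting idea from the comment above, as an added example that is not part of the original message and is not the James project's code. The class name, the REGISTRY map standing in for a metric registry, the KNOWN verb set and the "SMTP-unknown" bucket are all assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.LongAdder;

public class BoundedMetricNames {
    // Hypothetical stand-in for a metric registry: one entry per distinct timer name, never evicted.
    static final Map<String, LongAdder> REGISTRY = new ConcurrentHashMap<>();

    // Assumed allowlist of SMTP verbs; a real server would derive it from its registered handlers.
    static final Set<String> KNOWN = Set.of("helo", "ehlo", "mail", "rcpt", "data",
            "rset", "noop", "quit", "vrfy", "expn", "help", "auth", "starttls");

    // Pattern from the report: the client-supplied verb becomes part of the registry key.
    static String unboundedName(String command) {
        return "SMTP-" + command.toLowerCase(Locale.US);
    }

    // Allowlisted variant: anything outside KNOWN collapses into one shared bucket,
    // so the number of timer names no longer depends on what clients send.
    static String boundedName(String command) {
        String verb = command == null ? "" : command.toLowerCase(Locale.US);
        return KNOWN.contains(verb) ? "SMTP-" + verb : "SMTP-unknown";
    }

    static void record(String timerName) {
        REGISTRY.computeIfAbsent(timerName, k -> new LongAdder()).increment();
    }

    public static void main(String[] args) {
        // Constructed input: 10,000 distinct unrecognised verbs.
        for (int i = 0; i < 10_000; i++) {
            record(unboundedName("XBOGUS" + i));
        }
        System.out.println("unbounded registry entries: " + REGISTRY.size());

        REGISTRY.clear();
        for (int i = 0; i < 10_000; i++) {
            record(boundedName("XBOGUS" + i));
        }
        record(boundedName("EHLO"));
        record(boundedName("MAIL"));
        System.out.println("allowlisted registry entries: " + REGISTRY.size());
    }
}
```

With the allowlist in place the registry can never hold more than KNOWN.size() + 1 names, which is the bound to monitor for in a metrics backend.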
