Posted to server-dev@james.apache.org by bu...@apache.org on 2002/07/29 19:56:55 UTC

DO NOT REPLY [Bug 11256] New: - SMTP server unexpectedly kills connection when received bad parameter for SMTP AUTH

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11256>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11256

SMTP server unexpectedly kills connection when received bad parameter for SMTP AUTH

           Summary: SMTP server unexpectedly kills connection when received
                    bad parameter for SMTP AUTH
           Product: James
           Version: 2.0a3
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: SMTPServer
        AssignedTo: james-dev@jakarta.apache.org
        ReportedBy: farsight@alum.mit.edu


As reported by Christian Schafer:

1027873583831 [INFO   ] (smtpserver): Connection from 127.0.0.1 (127.0.0.1)
1027873597551 [INFO   ] (smtpserver): Command received: EHLO cgshome
1027873602788 [INFO   ] (smtpserver): Command received: AUTH LOGIN
1027873606664 [DEBUG  ] (smtpserver): Exception opening socket: null 
java.lang.NullPointerException
	at org.apache.james.util.Base64.decodeAsString(Base64.java:36)
	at org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:350)
	at org.apache.james.smtpserver.SMTPHandler.parseCommand(SMTPHandler.java:238)
	at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:163)
	at org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run(Connection.java:167)
	at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
	at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:86)


null-pointer exception if username is not base64.
connection terminated.
.. well, the connection should not terminate here, I think?

rfc2554:
         If the server cannot BASE64 decode the argument, it rejects the
         AUTH command with a 501 reply.  If the server rejects the
         authentication data, it SHOULD reject the AUTH command with a
         535 reply unless a more specific error code


.) same thing for plain:


1027876424636 [INFO   ] (smtpserver): Connection from 127.0.0.1 (127.0.0.1)
1027876453457 [INFO   ] (smtpserver): Command received: EHLO cgshome
1027876460437 [INFO   ] (smtpserver): Command received: AUTH PLAIN
1027876473476 [DEBUG  ] (smtpserver): Exception opening socket: null 
java.util.NoSuchElementException
	at java.util.StringTokenizer.nextToken(Unknown Source)
	at org.apache.james.smtpserver.SMTPHandler.doAUTH(SMTPHandler.java:331)
	at org.apache.james.smtpserver.SMTPHandler.parseCommand(SMTPHandler.java:238)
	at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:163)
	at org.apache.avalon.cornerstone.blocks.connection.ConnectionRunner.run(Connection.java:167)
	at org.apache.avalon.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:47)
	at org.apache.avalon.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:86)


auth plain with no base64 or invalid username.
connection terminated.

-----------------------

The behavior is fairly simple - an invalid argument passed into AUTH PLAIN or 
AUTH LOGIN will generate various exceptions that are uncaught by the doAuth 
method of SMTPHandler.java.  They are thrown up to handleConnection, which 
closes the connection upon receiving the exception.  These exceptions need to 
be caught in situ and the appropriate return code generated and sent.

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
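
The handling the report asks for, as an added example (not the James source and not the fix mentioned in the reply): every malformed AUTH PLAIN argument becomes a reply line instead of an exception, and the same decode helper covers the AUTH LOGIN username case. The class and method names are hypothetical, and `java.util.Base64` (Java 8 or later) stands in for James's own `org.apache.james.util.Base64`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not Apache James code. AuthPlainCheck, decodeOrNull and
// replyForPlain are hypothetical names; java.util.Base64 needs Java 8 or later.
public class AuthPlainCheck {

    // Decode one base64 AUTH argument; return null instead of throwing.
    static String decodeOrNull(String arg) {
        if (arg == null || arg.trim().isEmpty()) {
            return null; // client sent no argument at all
        }
        try {
            byte[] raw = Base64.getDecoder().decode(arg.trim());
            return new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // argument is not valid base64
        }
    }

    // AUTH PLAIN argument: base64 of authzid NUL authcid NUL password.
    // Always returns a reply line, so the caller never sees an exception
    // and the connection stays open for the next command.
    static String replyForPlain(String arg, String user, String pass) {
        String decoded = decodeOrNull(arg);
        if (decoded == null) {
            return "501 Could not decode parameters for AUTH PLAIN";
        }
        String[] f = decoded.split("\0", -1); // -1 keeps empty fields
        if (f.length != 3) {
            return "501 Malformed AUTH PLAIN argument"; // code chosen by this example
        }
        // Constant-time comparison of the supplied and expected credentials.
        boolean ok = MessageDigest.isEqual(f[1].getBytes(StandardCharsets.UTF_8),
                                           user.getBytes(StandardCharsets.UTF_8))
                  && MessageDigest.isEqual(f[2].getBytes(StandardCharsets.UTF_8),
                                           pass.getBytes(StandardCharsets.UTF_8));
        return ok ? "235 Authentication successful" : "535 Authentication failed";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a valid argument, junk, an empty line, no NULs.
        String good = Base64.getEncoder()
                .encodeToString("\0alice\0secret".getBytes(StandardCharsets.UTF_8));
        String noNul = Base64.getEncoder()
                .encodeToString("alice".getBytes(StandardCharsets.UTF_8));
        for (String arg : new String[] {good, "%%%not-base64%%%", "", noNul}) {
            System.out.println(replyForPlain(arg, "alice", "secret"));
        }
    }
}
```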


RE: DO NOT REPLY [Bug 11256] New: - SMTP server unexpectedly kills connection when received bad parameter for SMTP AUTH

Posted by "Peter M. Goldstein" <pe...@yahoo.com>.
All,

This bug was reported on the james-user list.  From the bug description:

> The behavior is fairly simple - an invalid argument passed into AUTH PLAIN
> or AUTH LOGIN will generate various exceptions that are uncaught by the
> doAuth method of SMTPHandler.java.  They are thrown up to handleConnection,
> which closes the connection upon receiving the exception.  These exceptions
> need to be caught in situ and the appropriate return code generated and sent.

I've got a fix for this one in place and am testing.

--Peter



