james-server-dev mailing list archives

From "Alexei Osipov (JIRA)" <server-...@james.apache.org>
Subject [jira] [Commented] (JAMES-1724) JPAUsersRepository fails with exception when login via SMTP contains \0 symbol
Date Wed, 20 Apr 2016 21:46:25 GMT

    [ https://issues.apache.org/jira/browse/JAMES-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15250778#comment-15250778 ]

Alexei Osipov commented on JAMES-1724:
--------------------------------------

Probably James should reject logins and passwords that contain the \0 symbol even before checking
any repository.

> JPAUsersRepository fails with exception when login via SMTP contains \0 symbol
> ------------------------------------------------------------------------------
>
>                 Key: JAMES-1724
>                 URL: https://issues.apache.org/jira/browse/JAMES-1724
>             Project: James Server
>          Issue Type: Bug
>            Reporter: Alexei Osipov
>              Labels: security
>
> JPAUsersRepository throws exception if login provided in AUTH request contains zero symbol (\0).
> Precondition:
> James must use JPA store.
> Steps to reproduce:
> Connect to server via SMTP and execute commands:
> HELO servername
> AUTH LOGIN
> AA==
> AA==
> Actual behavior:
> Server refuses login (good) and throws exception (not good).
> Exception log:
> {code}INFO   | jvm 1    | 2016/04/21 00:34:01 | org.apache.james.user.api.UsersRepositoryException: Unable to search user
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:84)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.test(JPAUsersRepository.java:202)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.smtpserver.UsersRepositoryAuthHook.doAuth(UsersRepositoryAuthHook.java:64)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest(AuthCmdHandler.java:350)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doLoginAuthPassCheck(AuthCmdHandler.java:319)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.access$400(AuthCmdHandler.java:60)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$3.onCommand(AuthCmdHandler.java:297)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.handleCommand(AuthCmdHandler.java:106)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:88)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:76)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.protocols.netty.LineHandlerUpstreamHandler.messageReceived(LineHandlerUpstreamHandler.java:50)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.messageReceived(SimpleChannelUpstreamHandler.java:129)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.run(ChannelUpstreamEventRunnable.java:44)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:312)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at java.lang.Thread.run(Thread.java:745)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: <openjpa-2.2.1-r422266:1396819 fatal general error> org.apache.openjpa.persistence.PersistenceException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
> INFO   | jvm 1    | 2016/04/21 00:34:01 | FailedObject: SELECT user FROM JamesUser user WHERE user.name=:name [java.lang.String]
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:4958)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.DBDictionary.newStoreException(DBDictionary.java:4918)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:136)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:118)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:70)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.handleCheckedException(SelectResultObjectProvider.java:155)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:40)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.toResult(QueryImpl.java:1251)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:1007)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:863)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:794)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.kernel.DelegatingQuery.execute(DelegatingQuery.java:542)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.execute(QueryImpl.java:286)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.getResultList(QueryImpl.java:302)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.persistence.QueryImpl.getSingleResult(QueryImpl.java:330)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:79)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	... 22 more
> INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:203)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$700(LoggingConnectionDecorator.java:59)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeQuery(LoggingConnectionDecorator.java:1118)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.PostgresDictionary$PostgresPreparedStatement.executeQuery(PostgresDictionary.java:1019)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeQuery(JDBCStoreManager.java:1774)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:255)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.executeQuery(SelectImpl.java:499)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:424)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:391)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion$UnionSelect.execute(LogicalUnion.java:427)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:230)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:220)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.open(SelectResultObjectProvider.java:94)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:34)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | 	... 31 more
> INFO   | jvm 1    | 2016/04/21 00:34:01 | ERROR 01:34:01,751 | james.smtpserver | Id='8528085' User='' AUTH method LOGIN failed from {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
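
The pre-check suggested in the comment above, sketched as an added example (not James code and not written by the reporter): AUTH LOGIN responses are decoded and rejected if they contain \0 before any repository is queried. The class, the `UserLookup` interface and the sample account are hypothetical; strict UTF-8 decoding is an extra assumption beyond the \0 check.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class AuthLoginPrecheck {

    /** Hypothetical stand-in for a users repository; not the James API. */
    interface UserLookup { boolean test(String user, String password) throws Exception; }

    /** Decodes one base64 AUTH LOGIN response; empty when it must not reach a backend. */
    static Optional<String> decodeCredential(String base64Line) {
        String value;
        try {
            byte[] raw = Base64.getDecoder().decode(base64Line.trim());
            // A fresh decoder reports malformed input instead of silently replacing it.
            value = StandardCharsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(raw)).toString();
        } catch (IllegalArgumentException | CharacterCodingException e) {
            return Optional.empty();          // invalid base64 or invalid UTF-8
        }
        if (value.isEmpty() || value.indexOf('\0') >= 0) {
            return Optional.empty();          // the \0 case from JAMES-1724
        }
        return Optional.of(value);
    }

    /** Fails the login without calling the repository when either value is rejected. */
    static boolean authenticate(String userB64, String passB64, UserLookup repo) throws Exception {
        Optional<String> user = decodeCredential(userB64);
        Optional<String> pass = decodeCredential(passB64);
        if (!user.isPresent() || !pass.isPresent()) {
            return false;
        }
        return repo.test(user.get(), pass.get());
    }

    static String b64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        int[] lookups = {0};                  // counts how often the backend is reached
        UserLookup repo = (u, p) -> { lookups[0]++; return u.equals("alice") && p.equals("s3cret"); };
        // "AA==" is base64 for a single 0x00 byte, the value sent in the report.
        System.out.println("NUL login ok=" + authenticate("AA==", "AA==", repo) + " lookups=" + lookups[0]);
        // Constructed sample account.
        System.out.println("valid login ok=" + authenticate(b64("alice"), b64("s3cret"), repo) + " lookups=" + lookups[0]);
    }
}
```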

