[
https://issues.apache.org/jira/browse/DIRMINA-1148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17410629#comment-17410629
]
Grzegorz Grzybek commented on DIRMINA-1148:
-------------------------------------------
Mina doesn't check if username is null:
https://github.com/apache/mina/blob/2.2.X/mina-core/src/main/java/org/apache/mina/proxy/handlers/socks/Socks4LogicHandler.java#L75
[Socks5LogicHandler also doesn't check
it|https://github.com/apache/mina/blob/2.2.X/mina-core/src/main/java/org/apache/mina/proxy/handlers/socks/Socks5LogicHandler.java#L173-L203],
but narrows the scope of using username/password to BASIC_AUTH method case.
The username is null in my own usercase, where Mina + socks4 proxy [is used via
quickfix-j|https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java#L173-L208].
> NPE in Socks4LogicHandler
> -------------------------
>
> Key: DIRMINA-1148
> URL: https://issues.apache.org/jira/browse/DIRMINA-1148
> Project: MINA
> Issue Type: Bug
> Affects Versions: 2.1.4
> Reporter: Grzegorz Grzybek
> Priority: Critical
>
> {{SOCKS4}} 0x01 packet (establish a TCP/IP stream connection) may contain
> {{ID}} field to send variable-length, null-terminated user ID. However the
> code in
> {{org.apache.mina.proxy.handlers.socks.Socks4LogicHandler#writeRequest}}
> simply contains:
> {code:java}
> byte[] userID = request.getUserName().getBytes("ASCII");
> {code}
> leading to NPE, when the user ID is not set. For example camel-quickfix uses
> mina through quickfix-j library and username is optional.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
