[ https://issues.apache.org/jira/browse/JAMES-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tellier Benoit updated JAMES-1724:
----------------------------------
    Labels: newbie security  (was: security)

> JPAUsersRepository fails with exception when login via SMTP contains \0 symbol
> ------------------------------------------------------------------------------
>
>                 Key: JAMES-1724
>                 URL: https://issues.apache.org/jira/browse/JAMES-1724
>             Project: James Server
>          Issue Type: Bug
>            Reporter: Alexei Osipov
>              Labels: newbie, security
>
> JPAUsersRepository throws an exception if the login provided in the AUTH request contains a zero symbol (\0).
>
> Precondition:
> James must use the JPA store.
>
> Steps to reproduce:
> Connect to the server via SMTP and execute the commands:
> HELO servername
> AUTH LOGIN
> AA==
> AA==
>
> Actual behavior:
> The server refuses the login (good) and throws an exception (not good).
>
> Exception log:
> {code}
> INFO   | jvm 1    | 2016/04/21 00:34:01 | org.apache.james.user.api.UsersRepositoryException: Unable to search user
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:84)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.user.jpa.JPAUsersRepository.test(JPAUsersRepository.java:202)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.smtpserver.UsersRepositoryAuthHook.doAuth(UsersRepositoryAuthHook.java:64)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest(AuthCmdHandler.java:350)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doLoginAuthPassCheck(AuthCmdHandler.java:319)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.access$400(AuthCmdHandler.java:60)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$3.onCommand(AuthCmdHandler.java:297)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.handleCommand(AuthCmdHandler.java:106)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:88)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$AbstractSMTPLineHandler.onLine(AuthCmdHandler.java:76)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.protocols.netty.LineHandlerUpstreamHandler.messageReceived(LineHandlerUpstreamHandler.java:50)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.SimpleChannelUpstreamHandler.messageReceived(SimpleChannelUpstreamHandler.java:129)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.run(ChannelUpstreamEventRunnable.java:44)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:312)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at java.lang.Thread.run(Thread.java:745)
> INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: <openjpa-2.2.1-r422266:1396819 fatal general error> org.apache.openjpa.persistence.PersistenceException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
> INFO   | jvm 1    | 2016/04/21 00:34:01 | FailedObject: SELECT user FROM JamesUser user WHERE user.name=:name [java.lang.String]
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:4958)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.DBDictionary.newStoreException(DBDictionary.java:4918)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:136)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:118)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:70)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.handleCheckedException(SelectResultObjectProvider.java:155)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:40)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.kernel.QueryImpl.toResult(QueryImpl.java:1251)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:1007)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:863)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.kernel.QueryImpl.execute(QueryImpl.java:794)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.kernel.DelegatingQuery.execute(DelegatingQuery.java:542)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.persistence.QueryImpl.execute(QueryImpl.java:286)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.persistence.QueryImpl.getResultList(QueryImpl.java:302)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.persistence.QueryImpl.getSingleResult(QueryImpl.java:330)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.james.user.jpa.JPAUsersRepository.getUserByName(JPAUsersRepository.java:79)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     ... 22 more
> INFO   | jvm 1    | 2016/04/21 00:34:01 | Caused by: org.apache.openjpa.lib.jdbc.ReportingSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00 {prepstmnt 20859541 SELECT t0.user_name, t0.version, t0.password_hash_algorithm, t0.password FROM public.JAMES_USER t0 WHERE (t0.user_name = ?)} [code=0, state=22021]
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:219)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:203)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$700(LoggingConnectionDecorator.java:59)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeQuery(LoggingConnectionDecorator.java:1118)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.PostgresDictionary$PostgresPreparedStatement.executeQuery(PostgresDictionary.java:1019)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:265)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeQuery(JDBCStoreManager.java:1774)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:255)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SelectImpl.executeQuery(SelectImpl.java:499)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:424)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.SelectImpl.execute(SelectImpl.java:391)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.LogicalUnion$UnionSelect.execute(LogicalUnion.java:427)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:230)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.sql.LogicalUnion.execute(LogicalUnion.java:220)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.jdbc.kernel.SelectResultObjectProvider.open(SelectResultObjectProvider.java:94)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     at org.apache.openjpa.lib.rop.EagerResultList.<init>(EagerResultList.java:34)
> INFO   | jvm 1    | 2016/04/21 00:34:01 |     ... 31 more
> INFO   | jvm 1    | 2016/04/21 00:34:01 | ERROR 01:34:01,751 | james.smtpserver | Id='8528085' User='' AUTH method LOGIN failed from
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
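
One way to reject a login like the one in the report before it reaches the user repository, as an added example (not code from James or from the reporter). The class name, method name and length limit are assumptions made for this sketch.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class AuthLoginInputCheck {
    // Assumed upper bound for this sketch; not a value taken from James.
    private static final int MAX_LOGIN_LENGTH = 255;

    /** Decodes one base64 AUTH LOGIN response line; an empty result means "reject before lookup". */
    static Optional<String> decodeLogin(String base64Line) {
        final byte[] raw;
        try {
            raw = Base64.getDecoder().decode(base64Line.trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64
        }
        final String login;
        try {
            // Strict decoding: malformed UTF-8 is an error, not silently replaced.
            login = StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw)).toString();
        } catch (CharacterCodingException e) {
            return Optional.empty();
        }
        if (login.isEmpty() || login.length() > MAX_LOGIN_LENGTH) {
            return Optional.empty();
        }
        // \0 is valid UTF-8 and valid in a Java String, but the PostgreSQL
        // backend in the report rejects it (state=22021), so filter it here
        // together with the other control characters.
        if (login.chars().anyMatch(Character::isISOControl)) {
            return Optional.empty();
        }
        return Optional.of(login);
    }

    public static void main(String[] args) {
        // "AA==" is the value from the report; the second input is constructed.
        String sample = Base64.getEncoder()
                .encodeToString("alice@example.org".getBytes(StandardCharsets.UTF_8));
        System.out.println("AA== accepted: " + decodeLogin("AA==").isPresent());
        System.out.println(sample + " accepted: " + decodeLogin(sample).isPresent());
    }
}
```

A rejected login can then be answered as an ordinary authentication failure, with no database query and no stack trace in the log.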
