
[ips] BM-11630 TryStuff: ensure we send a decision in the right state & secure the b64 decoding a bit

Thomas Cataldo authored on 22/06/2017 16:18:05
Showing 2 changed files
... ...
@@ -97,6 +97,7 @@
97 97
       <plugin id="net.bluemind.locator.client"/>
98 98
       <plugin id="net.bluemind.locator.vertxclient"/>
99 99
       <plugin id="net.bluemind.mailbox.api"/>
100
+      <plugin id="net.bluemind.mailbox.hook"/>
100 101
       <plugin id="net.bluemind.mailbox.identity.api"/>
101 102
       <plugin id="net.bluemind.mailindex"/>
102 103
       <plugin id="net.bluemind.mailshare.api"/>
... ...
@@ -52,14 +52,14 @@ public final class AuthenticatePlainCP extends AbstractLoginCP {
52 52
 			decision.handle(rd);
53 53
 			break;
54 54
 		case EXPECT_B64:
55
-			processBase64(buf, rd, decision);
55
+			safeProcessBase64(buf, decision);
56 56
 			break;
57 57
 		case NEED_CONT:
58 58
 			if (buf.readableBytes() > (tag.length() + 1 + command.length())) {
59 59
 				logger.debug("SASL-IR mode");
60 60
 				int begin = tag.length() + 1 + command.length() + 1;
61 61
 
62
-				processBase64(buf.slice(begin, buf.readableBytes() - begin), rd, decision);
62
+				safeProcessBase64(buf.slice(begin, buf.readableBytes() - begin), decision);
63 63
 			} else {
64 64
 				logger.debug("Sending continuation");
65 65
 				byte[] cont = "+ \r\n".getBytes();
... ...
@@ -72,7 +72,20 @@ public final class AuthenticatePlainCP extends AbstractLoginCP {
72 72
 		}
73 73
 	}
74 74
 
75
-	private void processBase64(ByteBuf src, final RoutingDecision rd, final Handler<RoutingDecision> decision) {
75
+	private void safeProcessBase64(ByteBuf src, final Handler<RoutingDecision> decision) {
76
+		try {
77
+			processBase64(src, decision);
78
+		} catch (Exception e) {
79
+			logger.error(e.getMessage(), e);
80
+			state = AuthPlainState.FINISHED;
81
+			byte[] data = (tag + " BAD things\r\n").getBytes();
82
+			RoutingDecision newDecision = new RoutingDecision(Routing.ALTERNATE_TO_DOWNSTREAM);
83
+			newDecision.setAlternate(Unpooled.wrappedBuffer(data));
84
+			decision.handle(newDecision);
85
+		}
86
+	}
87
+
88
+	private void processBase64(ByteBuf src, final Handler<RoutingDecision> decision) {
76 89
 		ByteBuf bbDec = Base64.decode(src);
77 90
 		byte[] decoded = new byte[bbDec.readableBytes()];
78 91
 		bbDec.getBytes(0, decoded);
... ...
@@ -108,8 +121,9 @@ public final class AuthenticatePlainCP extends AbstractLoginCP {
108 121
 				state = AuthPlainState.FINISHED;
109 122
 				if (event == null) {
110 123
 					byte[] data = (tag + " NO refused\r\n").getBytes();
111
-					rd.setAlternate(Unpooled.wrappedBuffer(data));
112
-					decision.handle(rd);
124
+					RoutingDecision newDecision = new RoutingDecision(Routing.ALTERNATE_TO_DOWNSTREAM);
125
+					newDecision.setAlternate(Unpooled.wrappedBuffer(data));
126
+					decision.handle(newDecision);
113 127
 				} else {
114 128
 					decision.handle(new RoutingDecision(Routing.EXPECT_MORE));
115 129
 				}
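Review bot: The new `catch (Exception e)` in `safeProcessBase64` logs every undecodable client payload at error level with a full stack trace, and this path runs before the client has authenticated, so a client that keeps sending garbage after AUTHENTICATE PLAIN can fill the log. I would narrow the catch to what the decode and credential parsing can actually throw, and log without the trace, e.g. `logger.warn("invalid SASL PLAIN payload: " + e.getMessage());`. The try/catch also only covers the synchronous part of `processBase64`: the `event == null` branch in the last hunk appears to run inside a callback, so an exception raised there would presumably still leave the session without a decision, which is worth confirming. The `bbDec` returned by `Base64.decode(src)` is not released in the lines shown (the body of `processBase64` continues outside the hunk), so check that it is released on both the normal and the exception path.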