refs/heads/3.6.x - james-project

commit	891c7b1a2e83b2171238e71171e19e4b5c51eeac	[log] [tgz]
author	Benoit TELLIER <btellier@linagora.com>	Thu Mar 31 12:38:49 2022 +0700
committer	GitHub <noreply@github.com>	Thu Mar 31 12:38:49 2022 +0700
tree	854d428a0b8d8ae7a62744c4ab99c341ad6dd0c6
parent	af83bd4d2f1990892b75c53e3de689d06e8ec48f [diff]

JAMES-1862 Fix STARTTLS command injection detection [BACKPORT 3.6.x] (#944)

Original PR: https://github.com/apache/james-project/pull/919

 - Parser differential for IMAP STARTTLS
 - Concurrency could lead to injected plain commands to be run as SSL encrypted

mpt/core/src/main/java/org/apache/james/mpt/session/ExternalSession.java[diff]
protocols/api/src/main/java/org/apache/james/protocols/api/AbstractProtocolTransport.java[diff]
protocols/netty/src/main/java/org/apache/james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java[diff]
server/protocols/protocols-imap4/pom.xml[diff]
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/NettyImapSession.java[diff]
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/SwitchableLineBasedFrameDecoder.java[diff]
server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java[diff]
server/protocols/protocols-imap4/src/test/resources/imapServerStartTLS.xml[Added - diff]
server/protocols/protocols-imap4/src/test/resources/keystore[Added - diff]

9 files changed