From b05750c245faba90a526ac971454e9b92f617bb9 Mon Sep 17 00:00:00 2001 From: cketti Date: Thu, 13 Oct 2011 02:35:08 +0200 Subject: [PATCH] Better input validation in *Store.createUri() --- src/com/fsck/k9/mail/store/ImapStore.java | 13 ++++++++-- src/com/fsck/k9/mail/store/Pop3Store.java | 3 ++- src/com/fsck/k9/mail/store/WebDavStore.java | 26 ++++++++++++------- .../fsck/k9/mail/transport/SmtpTransport.java | 13 +++++++--- 4 files changed, 40 insertions(+), 15 deletions(-) diff --git a/src/com/fsck/k9/mail/store/ImapStore.java b/src/com/fsck/k9/mail/store/ImapStore.java index 382cf9268..89836f40c 100644 --- a/src/com/fsck/k9/mail/store/ImapStore.java +++ b/src/com/fsck/k9/mail/store/ImapStore.java @@ -237,7 +237,8 @@ public class ImapStore extends Store { String passwordEnc; try { userEnc = URLEncoder.encode(server.username, "UTF-8"); - passwordEnc = URLEncoder.encode(server.password, "UTF-8"); + passwordEnc = (server.password != null) ? + URLEncoder.encode(server.password, "UTF-8") : ""; } catch (UnsupportedEncodingException e) { throw new IllegalArgumentException("Could not encode username or password", e); @@ -263,7 +264,15 @@ public class ImapStore extends Store { break; } - String userInfo = server.authenticationType + ":" + userEnc + ":" + passwordEnc; + AuthType authType; + try { + authType = AuthType.valueOf(server.authenticationType); + } catch (Exception e) { + throw new IllegalArgumentException("Invalid authentication type: " + + server.authenticationType); + } + + String userInfo = authType.toString() + ":" + userEnc + ":" + passwordEnc; try { Map extra = server.getExtra(); String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null; diff --git a/src/com/fsck/k9/mail/store/Pop3Store.java b/src/com/fsck/k9/mail/store/Pop3Store.java index a38c58823..353c452e3 100644 --- a/src/com/fsck/k9/mail/store/Pop3Store.java +++ b/src/com/fsck/k9/mail/store/Pop3Store.java 
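Review bot: `server.username` is still passed to `URLEncoder.encode` unguarded on the context line just above the changed one, so a null username surfaces as a NullPointerException rather than the IllegalArgumentException this method otherwise uses for bad input. The Pop3Store hunk and the first WebDavStore hunk have the same shape, while SmtpTransport guards both fields. If a username is mandatory for stores, an explicit check before the try block, such as `if (server.username == null) throw new IllegalArgumentException("Username is required");`, would make that contract visible. The string built here carries the password in its userinfo component, so it should be kept out of logs and exception messages. createUri begins and ends outside the hunk.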
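Review bot: The `catch (Exception e)` around `AuthType.valueOf` is broader than needed and the rethrow drops the cause. Assuming AuthType is an enum, `valueOf` fails only with IllegalArgumentException for an unknown name and NullPointerException for null, so those are the only cases to translate. Passing the original exception along, `throw new IllegalArgumentException("Invalid authentication type: " + server.authenticationType, e);`, keeps the stack trace useful and matches how the encoding failure earlier in the method already passes `e`. The rest of createUri lies outside the hunk.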
@@ -121,7 +121,8 @@ public class Pop3Store extends Store { String passwordEnc; try { userEnc = URLEncoder.encode(server.username, "UTF-8"); - passwordEnc = URLEncoder.encode(server.password, "UTF-8"); + passwordEnc = (server.password != null) ? + URLEncoder.encode(server.password, "UTF-8") : ""; } catch (UnsupportedEncodingException e) { throw new IllegalArgumentException("Could not encode username or password", e); diff --git a/src/com/fsck/k9/mail/store/WebDavStore.java b/src/com/fsck/k9/mail/store/WebDavStore.java index 85d539e77..f3bae3174 100644 --- a/src/com/fsck/k9/mail/store/WebDavStore.java +++ b/src/com/fsck/k9/mail/store/WebDavStore.java @@ -203,7 +203,8 @@ public class WebDavStore extends Store { String passwordEnc; try { userEnc = URLEncoder.encode(server.username, "UTF-8"); - passwordEnc = URLEncoder.encode(server.password, "UTF-8"); + passwordEnc = (server.password != null) ? + URLEncoder.encode(server.password, "UTF-8") : ""; } catch (UnsupportedEncodingException e) { throw new IllegalArgumentException("Could not encode username or password", e); 
@@ -229,15 +230,22 @@ public class WebDavStore extends Store { break; } - Map extra = server.getExtra(); String userInfo = userEnc + ":" + passwordEnc; - String path = extra.get(WebDavStoreSettings.PATH_KEY); - path = (path != null) ? path : ""; - String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY); - authPath = (authPath != null) ? authPath : ""; - String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY); - mailboxPath = (mailboxPath != null) ? mailboxPath : ""; - String uriPath = path + "|" + authPath + "|" + mailboxPath; + + String uriPath; + Map extra = server.getExtra(); + if (extra != null) { + String path = extra.get(WebDavStoreSettings.PATH_KEY); + path = (path != null) ? path : ""; + String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY); + authPath = (authPath != null) ? authPath : ""; + String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY); + mailboxPath = (mailboxPath != null) ? mailboxPath : ""; + uriPath = path + "|" + authPath + "|" + mailboxPath; + } else { + uriPath = "||"; + } + try { return new URI(scheme, userInfo, server.host, server.port, uriPath, null, null).toString(); diff --git a/src/com/fsck/k9/mail/transport/SmtpTransport.java b/src/com/fsck/k9/mail/transport/SmtpTransport.java index b92b8236f..e4e945e16 100644 --- a/src/com/fsck/k9/mail/transport/SmtpTransport.java +++ b/src/com/fsck/k9/mail/transport/SmtpTransport.java @@ -129,8 +129,10 @@ public class SmtpTransport extends Transport { String userEnc; String passwordEnc; try { - userEnc = URLEncoder.encode(server.username, "UTF-8"); - passwordEnc = URLEncoder.encode(server.password, "UTF-8"); + userEnc = (server.username != null) ? + URLEncoder.encode(server.username, "UTF-8") : ""; + passwordEnc = (server.password != null) ? + URLEncoder.encode(server.password, "UTF-8") : ""; } catch (UnsupportedEncodingException e) { throw new IllegalArgumentException("Could not encode username or password", e); 
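Review bot: The new `else` branch sets `uriPath = "||"`, but java.net.URI's seven-argument constructor is documented to throw URISyntaxException when a scheme is given and the path is relative. The null-`extra` case this hunk is meant to tolerate would therefore likely still fail at `new URI(...)`, and the `if` branch has the same problem whenever `path` does not begin with `/`. Consider `uriPath = "/||";` and `uriPath = "/" + path + "|" + authPath + "|" + mailboxPath;`, with the matching change in whatever decodes this URI (not visible here). Separately, the three values are joined with `|` without checking that none of them contains that character, so a stored path with a `|` in it would presumably be split at the wrong place on decode. The method's opening and the catch block for the `try` are outside the hunk.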
@@ -156,7 +158,12 @@ public class SmtpTransport extends Transport { break; } - String userInfo = userEnc + ":" + passwordEnc + ":" + server.authenticationType; + String authType = server.authenticationType; + if (!"CRAM_MD5".equals(authType) && !"PLAIN".equals(authType)) { + throw new IllegalArgumentException("Invalid authentication type: " + authType); + } + + String userInfo = userEnc + ":" + passwordEnc + ":" + authType; try { return new URI(scheme, userInfo, server.host, server.port, null, null, null).toString();
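Review bot: The check at the top of this hunk rejects a null `server.authenticationType`, while the earlier SmtpTransport hunk maps a null username and password to empty strings, which suggests accounts without authentication are expected to pass through here. If such an account carries no authentication type, createUri would now throw where it previously produced a URI, so confirm against the callers whether null should be accepted and encoded as an empty component. The accepted values are also spelled as string literals here, while ImapStore validates through `AuthType.valueOf`. Named constants shared with the code that decodes the URI would keep the two lists from drifting apart. The method continues outside the hunk.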