12 Replies Latest reply on Feb 17, 2013 5:16 PM by 991510

    ArrayIndexOutOfBoundsException, Response.parseString

    810935
      java.lang.ArrayIndexOutOfBoundsException
           at com.sun.mail.iap.Response.parseString(Response.java:391)
           at com.sun.mail.iap.Response.readString(Response.java:320)
           at com.sun.mail.imap.protocol.ENVELOPE.<init>(ENVELOPE.java:96)
           at com.sun.mail.imap.protocol.FetchResponse.parse(FetchResponse.java:127)
           at com.sun.mail.imap.protocol.FetchResponse.<init>(FetchResponse.java:63)
           ...
      Take a look at Response.java
           ...
           b = buffer[index];
           if (b == '"') { // QuotedString
                index++; // skip the quote
                int start = index;
                int copyto = index;
      
                while ((b = buffer[index]) != '"') {     *** LINE 391
                     ...
                }
           }
                     We iincrement index, and try to read from buffer without any size checks.
          index++; // skip the quote
          ...
          while ((b = buffer[index]) != '"') {
      {code}
      
      So if the quoted string was bad formed, e.g. it terminated right after '"', then we would get ArrayIndexOutOfBoundsException error. While comments state that in case of any error it should return 'null' value instead.
      /**
      * Generic parsing routine that can parse out a Quoted-String,
      * Literal or Atom and return the parsed token as a String
      * or a ByteArray. Errors or NIL data will return null.
      */
      private Object parseString(boolean parseAtoms, boolean returnString) {
      ...
      }
      Notice, that the same issues can be seen in other places. E.g. in following code we can easy go out of bounds if string has no '}'.
      while (buffer[index] != '}')
      index++;
      Whould be great it this code can be reviewed and fixed :-)
      
      Regards,
        - Alex