Overview

File javamail-CVE-2025-7962.patch of Package javamail

--- javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java	2025-07-23 08:57:23.698768098 +0200
+++ javamail-JAVAMAIL-1_6_2/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java	2025-07-23 08:57:44.109600841 +0200
@@ -2408,14 +2408,25 @@
 	    //logger.fine("SENT: " + new String(cmdBytes, 0));
 
         try {
+	    validateCommand(cmdBytes);
 	    serverOutput.write(cmdBytes);
 	    serverOutput.write(CRLF);
 	    serverOutput.flush();
-	} catch (IOException ex) {
+	} catch (IOException | RuntimeException ex) {
 	    throw new MessagingException("Can't send command to SMTP host", ex);
 	}
     }
 
+    private void validateCommand(byte[] cmdBytes) throws MessagingException {
+        final byte CR = '\r';
+        final byte LF = '\n';
+        for (byte b : cmdBytes) {
+            if (b == LF || b == CR) {
+                throw new IllegalArgumentException("Command contains illegal character: " + String.format("0x%02x",b));
+            }
+        }
+    }
+
     /**
      * Reads server reponse returning the <code>returnCode</code>
      * as the number.  Returns -1 on failure. Sets
openSUSE Build Service is sponsored by
Places