"Free Web Chat is a chat applet designed to be used in a browser. It consists of a server and a client applet. You can have multiple rooms and unlimited user. You can also private message individuals. Right now the administration aspect is fairly minimal, but soon you will have a robust administration GUI to go along with the server as well as the ability to connect as an administrator remotely."
The Free Web Chat server suffers from two denial of service vulnerabilities, one regarding an un-handled NullPointerException and another related to CPU resource consumption.
The chat server has an unchecked variable (in UserManager.java) that allow users to deny the chat service, in fact we are in presence of a NullPointerException not managed. The NullPointerException is located in the following method of UserManager.java: public void addUser( Socket sock )
{
User usr = new User(sock, this);
String usrName = usr.getName();
if (usrName != "" ) /* if used to check initialization */
/* it's an error */
{
/* wrong method call! */
/* no checks for usrName != null */
if (userHash.containsKey( usrName) )
{
usr.rejectUsername();
return;
}
usr.sendRoomList(rmManager.getRoomList());
(...)
}
As shown above the variable usrName is not checked so it may also be null but the method doesn't catch the exception that might be thrown - NullPointerException.
Workaround:
As a workaround, replace the vulnerable function 'addUser()' with the following, corrected version and recompile: public void addUser( Socket sock )
{
User usr = new User(sock, this);
String usrName = usr.getName();
if (usrName != "" )
{
