Full Version: Multiple Vulnerabilities In Free Web Chat
qcred11
Aug 4 2004, 07:23 PM
QUOTE


Application: Free Web Chat
              http://sourceforge.net/projects/freewebchat/
Version: Initial Release
Bugs: Multiple Vulnerabilities
Date: 04-Aug-2004
Author: Donato Ferrante
              e-mail: fdonato_at_autistici.org
           
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


1. Description
2. The bugs
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------


Vendor's Description:


"Free Web Chat is a chat applet designed to be used in a browser.
It consists of a server and a client applet. You can have multiple
rooms and unlimited user. You can also private message individuals.
Right now the administration aspect is fairly minimal, but soon you
will have a robust administration gui to go along with the server
as well as the ability to connect as an administrator remotely."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


-------------
2. The bugs:
-------------


The chat server has two bugs:



[1] Denial Of Service


The chat server has an unchecked variable (in UserManager.java) that
allows users to deny the chat service; in fact, we are in the presence
of an unhandled NullPointerException.



The NullPointerException is located in the following method of
UserManager.java:


      public void addUser( Socket sock )
      {
            User usr = new User(sock, this);
            String usrName = usr.getName();
            if (usrName != "" ) /* if used to check initialization */
                                /* it's an error */
            {
                  /* wrong method call! */
                  /* no checks for usrName != null */
                  if (userHash.containsKey( usrName) )
                  {
                        usr.rejectUsername();
                        return;
                  }


                  usr.sendRoomList(rmManager.getRoomList());
                 
            (...)
    }



As illustrated above, the variable usrName is not checked, so it may
also be null. Additionally, the method doesn't catch the exception that
may be thrown: NullPointerException.




[2] Resources Consumption


The chat server is unable to properly manage multiple connections
from the same user. In fact it will consume a lot of CPU resources.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


-------------
3. The code:
-------------


To test the vulnerabilities:



[1]


  http://www.autistici.org/fdonato/poc/FreeWebChat[ir]DoS-poc.zip



[2]


  http://www.autistici.org/fdonato/poc/FreeWebChat[ir]RC-poc.zip

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


-----------
4. The fix:
------------


No fix.
The vendor has not answered my reports.



If you want, you can fix bug [1] by using my patch below.
To fix bug [1], replace the method addUser( Socket sock )
in UserManager.java with the following patched method:


      public void addUser( Socket sock )
      {
            User usr = new User(sock, this);
            String usrName = usr.getName();
            if (usrName != "" )
            {
                       
                  /* start fix */
                  /* manage NullPointerException */
                  try{
                               
                        if (userHash.containsKey( usrName) )
                        {
                              usr.rejectUsername();
                              return;
                        }


                  }catch(NullPointerException npe){
                        usr.rejectUsername();
                        return;
                  }
                /* end fix */


                  usr.sendRoomList(rmManager.getRoomList());
                  userHash.put( usr.getName(), usr );
                  rmManager.getDefaultRoom().addUser( usr );



                  //start the receiver thread
                  Thread t = new Thread(usr);
                  t.start();
          }
       
      }


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



Source: http://seclists.org/lists/bugtraq/2004/Aug/0042.html
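
An alternative way to harden the check in bug [1], added here as an example and not taken from the advisory or from Free Web Chat: validate the name before it reaches the map instead of catching the exception. The class AddUserCheck, the Result enum and the String standing in for the User object are hypothetical, and userHash is assumed to be a java.util.Hashtable.

```java
import java.util.Hashtable;
import java.util.Map;

// Added example: stand-alone model of the registration check, not Free Web Chat code.
public class AddUserCheck {
    enum Result { ACCEPTED, REJECTED_INVALID, REJECTED_DUPLICATE }

    // Assumption: userHash is a java.util.Hashtable, whose containsKey(null)
    // throws NullPointerException (a HashMap would accept a null key).
    private final Map<String, String> userHash = new Hashtable<>();

    // Hardened check: reject bad names explicitly, before any map lookup.
    Result addUser(String usrName, String peer) {
        // Test for null first, then compare contents with isEmpty();
        // `usrName != ""` only compares object references.
        if (usrName == null || usrName.isEmpty()) {
            return Result.REJECTED_INVALID;
        }
        // putIfAbsent performs the duplicate check and the insert as one
        // synchronized step, so two connections cannot both claim a name.
        if (userHash.putIfAbsent(usrName, peer) != null) {
            return Result.REJECTED_DUPLICATE;
        }
        return Result.ACCEPTED;
    }

    public static void main(String[] args) {
        AddUserCheck mgr = new AddUserCheck();
        // Constructed inputs: a name that was never set (null), an empty
        // string built at run time, and ordinary names including a repeat.
        String[] names = { null, new String(""), "alice", "alice", "bob" };
        for (String n : names) {
            System.out.println("[" + n + "] -> " + mgr.addUser(n, "peer"));
        }
        // The unchecked lookup described in the advisory, shown in isolation.
        try {
            new Hashtable<String, String>().containsKey(null);
        } catch (NullPointerException npe) {
            System.out.println("Hashtable.containsKey(null) threw NullPointerException");
        }
    }
}
```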