<meta name="generator" content="StarOffice/OpenOffice.org XSLT (http://xml.openoffice.org/sx2ml)" /><meta name="author" content="Dave King" /><meta name="created" content="2008-02-27T11:37:41" /><meta name="changedby" content="Dave King" /><meta name="changed" content="2008-02-28T07:12:26" /><base href="." /><style type="text/css"> @page { } table { border-collapse:collapse; border-spacing:0; empty-cells:show } td, th { vertical-align:top; } h1, h2, h3, h4, h5, h6 { clear:both } ol, ul { padding:0; } * { margin:0; } *.ta1 { } *.ce1 { font-family:'Nimbus Sans L'; background-color:#000080; vertical-align:middle; text-align:center ! important; color:#ffffff; font-weight:bold; } *.ce10 { font-family:'Nimbus Sans L'; vertical-align:top; } *.ce11 { font-family:'Nimbus Sans L'; background-color:#008000; vertical-align:middle; text-align:center ! important; color:#ffffff; font-weight:bold; } *.ce12 { font-family:'Nimbus Sans L'; } *.ce2 { font-family:'Nimbus Sans L'; vertical-align:top; } *.ce3 { font-family:'Nimbus Sans L'; background-color:#008000; vertical-align:middle; text-align:center ! important; color:#ffffff; font-weight:bold; } *.ce4 { font-family:'Nimbus Sans L'; background-color:#000080; vertical-align:middle; text-align:center ! important; margin-left:0in; color:#ffffff; font-weight:bold; } *.ce5 { font-family:'Nimbus Sans L'; background-color:#008000; vertical-align:middle; text-align:center ! important; margin-left:0in; color:#ffffff; font-weight:bold; } *.ce6 { font-family:'Nimbus Sans L'; background-color:#000080; vertical-align:top; text-align:center ! important; color:#ffffff; font-weight:bold; } *.ce7 { font-family:'Nimbus Sans L'; vertical-align:top; } *.ce8 { font-family:'Nimbus Sans L'; background-color:#008000; vertical-align:top; text-align:center ! important; color:#ffffff; font-weight:bold; } *.ce9 { font-family:'Nimbus Sans L'; background-color:#000080; vertical-align:middle; text-align:center ! important; color:#ffffff; font-weight:bold; } *.Default { font-family:'Nimbus Sans L'; } *.Heading { font-family:'Nimbus Sans L'; text-align:center ! important; font-size:16pt; font-style:italic; font-weight:bold; } *.Heading1 { font-family:'Nimbus Sans L'; text-align:center ! important; font-size:16pt; font-style:italic; font-weight:bold; } *.Result { font-family:'Nimbus Sans L'; font-style:italic; font-weight:bold; text-decoration:underline; } *.Result2 { font-family:'Nimbus Sans L'; font-style:italic; font-weight:bold; text-decoration:underline; } *.co1 { width:1.7965in; } *.co2 { width:1.302in; } *.co3 { width:0.8925in; } *.co4 { width:1.0866in; } *.co5 { width:1.2374in; } *.co6 { width:3.3783in; } *.co7 { width:2.3563in; } *.ro1 { height:0.4346in; } *.ro2 { height:0.228in; } *.ro3 { height:0.6425in; } *.ro4 { height:0.8492in; } *.ro5 { height:0.2201in; } </style></head><body dir="ltr"><table border="0" cellspacing="0" cellpadding="0" class="ta1"><colgroup><col width="199" /><col width="145" /><col width="99" /><col width="121" /><col width="137" /><col width="121" /><col width="375" /><col width="99" /><col width="262" /><col width="99" /></colgroup><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce1"><p>File </p></td><td style="text-align:left;width:1.302in; " class="ce1"><p>Kind </p></td><td style="text-align:left;width:0.8925in; " class="ce1"><p>Size </p></td><td style="text-align:left;width:1.0866in; " class="ce4"><p>Size w/o PC Chains </p></td><td style="text-align:left;width:1.2374in; " class="ce1"><p>Method </p></td><td style="text-align:left;width:1.0866in; " class="ce6"><p>Type of Infoflow Error </p></td><td style="text-align:left;width:3.3783in; " class="ce9"><p>Cause </p></td><td style="text-align:left;width:0.8925in; " class="ce1"><p>Resolution </p></td><td style="text-align:left;width:2.3563in; " class="ce9"><p>Comments </p></td><td style="text-align:left;width:0.8925in; " class="ce1" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>13 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write size of each message in mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>13 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write size of each message with # > argument </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleRetr </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message to user (outside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleRetr </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message to user (inside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message headers to user (outside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message headers to user (inside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message to user (outside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write specified message to user (inside while loop) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could use one declassifier by rewriting as do/while loop </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>29 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>23 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>authenticate </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user tries to log on, check if the mailbox is locked or not – notify user if succeeds/fails in login attempt </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user attempts to LIST a declassified message, write MESSAGE_NO_SUCH_MESSAGE </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleRetr </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user attempts to RETR a declassified message, write MESSAGE_NO_SUCH_MESSAGE </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleDele </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user attempts to DELE a deleted message, write MESSAGE_ALREADY_DELETED </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user attempts to TOP a deleted message, write MESSAGE_NO_SUCH_MESSAGE </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user attempts to UIDL a deleted message, write MESSAGE_ALREADY_DELETED (specified messages) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>UIDL outputs a message's unique ID (specified messages) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could encrypt, though would need to handle decryption from user </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>28 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>UIDL outputs a message's unique ID (no arguments) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if user calls UIDL, only give UIDL for a message if it is not deleted </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>13 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>11 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>authenticate </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>during login, accept or fail based on whether the entered password is correct </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>12 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>12 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleStat </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>writes the total number of messages </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>13 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>lists the total number of messages in the mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>14 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>lists the total number of messages in the mailbox (after specified message) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>14 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleRetr </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>retrieves a message if it exists </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>14 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleDele </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>deletes a message if it exists (tests if specified message is > than the total number of messages) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>could refactor this to a “doesMessageNumber” exist and only use one declassify statement </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>14 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleTop </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>does not TOP the message if it does not exist (tests if specified message is > than total number of messages) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>15 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>gives # of UIDLs equal to the total number of messages </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>14 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleUidl </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>does not give UIDL for messages if it does not exist (tests if specified message is > than total number of messages) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>16 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>16 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleStat </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>outputs the total size of user's mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>17 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>17 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleList </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>outputs the total size of user's mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro4"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>authenticate </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>only logs you in If you specify a valid user name </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>merged with password authenticate release (note: server does NOT give different messages for bad password/bad user) </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>15 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>13 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleCommands </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>DATA command leaks size of message's to address </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>23 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>19 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>can't send a message larger than maximum size </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>18 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>deliver a message to a user either remotely or locally based on whether the message is to a remote or local user </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>of course </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>18 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>deliver a number of messages equal to the to: addresses in a message's field </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>37 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>25 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>number of addresses that failed delivery </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>48 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>35 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if the message has a delivery time less than the system time, don't deliver </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>21 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>send message data over the wires </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2" /><td style="text-align:left;width:1.302in; " class="ce2" /><td style="text-align:right; width:0.8925in; " class="ce2"><p>26 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>22 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>number of addresses that failed delivery – number of bounce messages sent </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>21 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>send message data over the wires a number of times equal to the lines in the message </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>34 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>22 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>run </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>deliver a number of messages equal to the messages in the user directory – need to declassify file path, etc. </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>??? </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>26 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>19 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendIntro </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>ELHO intro contains one of configuration manager's local domains </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>26 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>19 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendIntro </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>HELO intro contains one of configuration manager's local domains </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>if the message deliver fails AND is from MAILER_DAEMON, then move message to a special folder rather than attempt resend </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>MAIL FROM contains sender </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>I sure hope so </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>deliver </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>RCTP TO contains recipient </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p> </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>52 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>41 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>connect </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>Socket is opened to a port specified by configuration manager </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>52 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>40 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>connect </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>Socket is opened to a host specified by configuration manager </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>50 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>39 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>connect </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>Socket is tried to be opened a number of times equal to mxEntries.length </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>55 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>42 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendIntro </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>AUTH LOGIN only written if mxEntry username is non-null </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>57 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>45 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendIntro </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>mxEntry username written to socket during AUTH LOGIN </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Secret <= Tainted </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>57 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>45 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>sendIntro </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>mxEntry password written to socket during AUTH LOGIN (hashed password, I hope?) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>declassify or encrypt </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce3"><p>File </p></td><td style="text-align:left;width:1.302in; " class="ce3"><p>Kind </p></td><td style="text-align:left;width:0.8925in; " class="ce3"><p>Size </p></td><td style="text-align:left;width:1.0866in; " class="ce5"><p>Size w/o PC Chains </p></td><td style="text-align:left;width:1.2374in; " class="ce3"><p>Method </p></td><td style="text-align:left;width:1.0866in; " class="ce8"><p>Type of Infoflow Error </p></td><td style="text-align:left;width:3.3783in; " class="ce11"><p>Cause </p></td><td style="text-align:left;width:0.8925in; " class="ce3"><p>Resolution </p></td><td style="text-align:left;width:2.3563in; " class="ce11"><p>Comments </p></td><td style="text-align:left;width:0.8925in; " class="ce3" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>19 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>14 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleRcptTo </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>create delivery address if the rcpt address is valid (check delivery service to see if it accepts a client's IP and hostname) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>endorse </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>FALSE POSITIVE. created email address is not stored in system.</p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>23 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>23 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write client IP as a string into message which is added to user's mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>endorse </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>who cares? </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>25 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>25 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>write information from socket into message which is added to user's mailbox </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>MIGHT BE IMPORTANT </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>26 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>keep writing data off the socket until a “.” is encountered (indicating the end of the message) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>endorse </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>MIGHT BE IMPORTANT </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>22 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>parseCommand </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit/explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>potentially quit POP3 session based off of input from client socket </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>endorsed entire input </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>23 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>20 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>authenticate </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>begin a login session if the user enters COMMAND_USER command </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>endorse </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>POP3Processor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>21 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>parseArgument </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit/explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>make decisions based on argument to command received from client (in particular, passwords, etc) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>endorsed entire input </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>23 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>parseAddress </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit/explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>make decisions based on output email address </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>endorsed entire input </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>24 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>23 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleCommands </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>make decisions based on whether the input string is a FROM command </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10"><p>needed to annotate return value as untainted </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>27 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>23 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleData </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>make decisions based on checking if the input string starts with “RCTP TO” (no special sanitizer) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>28 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>24 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>parseCommand </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>command parser function </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>28 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>24 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>handleCommands </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>make decisions based on checking if the input string starts with “MAIL FROM” (no special sanitizer) </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>32 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>28 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>parseArgument </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>implicit/explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>argument parser function </p></td><td style="text-align:left;width:0.8925in; " class="ce2"><p>sanitize </p></td><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro1"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPProcessor.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:1.0866in; " class="ce2" /><td style="text-align:left;width:1.2374in; " class="ce2"><p>acceptAddress </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>needed to explicitly declassify argument to a function that was called under different security contexts </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:2.3563in; " class="ce10"><p>FALSE POSITIVE ? </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro3"><td style="text-align:left;width:1.7965in; " class="Default"><p>DeliveryService.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>43 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>36 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>isAuthenticated </p></td><td style="text-align:left;width:1.0866in; " class="ce7"><p>explicit </p></td><td style="text-align:left;width:3.3783in; " class="ce10"><p>needed to declassify clientIp for each use inside a method that checks if it is among the authenticated Ips </p></td><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro2"><td style="text-align:left;width:1.7965in; " class="ce2"><p>SMTPRemoteSender.java </p></td><td style="text-align:left;width:1.302in; " class="ce2"><p>Tainted <= Secret </p></td><td style="text-align:right; width:0.8925in; " class="ce2"><p>37 </p></td><td style="text-align:right; width:1.0866in; " class="ce2"><p>34 </p></td><td style="text-align:left;width:1.2374in; " class="ce2"><p>read </p></td><td style="text-align:left;width:1.0866in; " class="ce7" /><td style="text-align:left;width:3.3783in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro5"><td style="text-align:left;width:1.7965in; " class="ce2" /><td style="text-align:left;width:1.302in; " class="ce2" /><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:1.0866in; " class="ce2" /><td style="text-align:left;width:1.2374in; " class="ce2" /><td style="text-align:left;width:1.0866in; " class="ce7" /><td style="text-align:left;width:3.3783in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /><td style="text-align:left;width:2.3563in; " class="ce10" /><td style="text-align:left;width:0.8925in; " class="ce2" /></tr><tr class="ro5"><td style="text-align:left;width:1.7965in; " class="Default" /><td style="text-align:left;width:1.302in; " class="Default" /><td style="text-align:left;width:0.8925in; " class="Default" /><td style="text-align:left;width:1.0866in; " class="Default" /><td style="text-align:left;width:1.2374in; " class="Default" /><td style="text-align:left;width:1.0866in; " class="ce7" /><td style="text-align:left;width:3.3783in; " class="ce12" /><td style="text-align:left;width:0.8925in; " class="Default" /><td style="text-align:left;width:2.3563in; " class="ce12" /><td style="text-align:left;width:0.8925in; " class="Default" /></tr><tr class="ro5"><td style="text-align:left;width:1.7965in; " class="Default" /><td style="text-align:left;width:1.302in; " class="Default" /><td style="text-align:left;width:0.8925in; " class="Default" /><td style="text-align:left;width:1.0866in; " class="Default" /><td style="text-align:left;width:1.2374in; " class="Default" /><td style="text-align:left;width:1.0866in; " class="ce7" /><td style="text-align:left;width:3.3783in; " class="ce12" /><td style="text-align:left;width:0.8925in; " class="Default" /><td style="text-align:left;width:2.3563in; " class="ce12" /><td style="text-align:left;width:0.8925in; " class="Default" /></tr></table><table border="0" cellspacing="0" cellpadding="0" class="ta1"><colgroup><col width="99" /></colgroup><tr class="ro5"><td style="text-align:left;width:0.8925in; " class="Default" /></tr></table><table border="0" cellspacing="0" cellpadding="0" class="ta1"><colgroup><col width="99" /></colgroup><tr class="ro5"><td style="text-align:left;width:0.8925in; " class="Default" /></tr></table></body></html>