NPE on empty password in jabber:iq:auth (#1317)
wojciech.kapcia@tigase.net opened 3 years ago
[2022-03-19 02:12:03:467] [FINEST  ] [ jabber:iq:auth-proc-0 ] DomainFilter.filter()            : Filtering (packet): from=c2s@ip-172-31-20-109.us-west-2.compute.internal/172.26.0.2_5222_172.31.26.81_20946, to=sess-man@ip-172-31-20-109.us-west-2.compute.internal, serverAuthorisedStanzaFrom=Optional.empty, DATA=<iq id="mira622e13a35eac130_2" type="set" xmlns="jabber:client"><query xmlns="jabber:iq:auth"><username>abcde123</username><password/><resource>Miranda</resource></query></iq>, SIZE=172, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=LOCAL, TYPE=set, STABLE_ID=d9f2de0b-c7a0-42c3-b72f-aba5fc62fafb
[2022-03-19 02:12:03:467] [FINEST  ] [ jabber:iq:auth-proc-0 ] SessionManager.processPacket()   : Packet processed by: [jabber:iq:auth]
[2022-03-19 02:12:03:495] [WARNING ] [ jabber:iq:auth-proc-0 ] JabberIqAuth.doAuth()            : Can''t authenticate with given CallbackHandler
java.io.IOException: Password verification problem.
	at tigase.auth.impl.PlainCallbackHandler.handleVerifyPasswordCallback(PlainCallbackHandler.java:188)
	at tigase.auth.impl.PlainCallbackHandler.handleCallback(PlainCallbackHandler.java:121)
	at tigase.auth.impl.PlainCallbackHandler.handle(PlainCallbackHandler.java:69)
	at tigase.xmpp.impl.JabberIqAuth.doAuth(JabberIqAuth.java:288)
	at tigase.xmpp.impl.JabberIqAuth.process(JabberIqAuth.java:195)
	at tigase.server.xmppsession.SessionManager$ProcessorWorkerThread.process(SessionManager.java:2685)
	at tigase.util.processing.WorkerThread.run(WorkerThread.java:67)
Caused by: java.lang.NullPointerException
	at tigase.auth.mechanisms.AbstractSaslSCRAM.normalize(AbstractSaslSCRAM.java:138)
	at tigase.auth.credentials.entries.ScramCredentialsEntry.verifyPlainPassword(ScramCredentialsEntry.java:79)
	at tigase.auth.impl.PlainCallbackHandler.handleVerifyPasswordCallback(PlainCallbackHandler.java:175)
	... 6 more
wojciech.kapcia@tigase.net commented 3 years ago

Issue caused by the missing statement in the block checking if the password is present. Corrected a couple of similar issues in JabberIqAuth and SaslAuth.
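
Added example, not part of the comment above and not Tigase code: a self-contained sketch of the failure mode in the log, where an empty `<password/>` element yields a null password that reaches a normalization step, next to a guarded variant that rejects it first. The class, the `passwordOf` extractor, the NFKC stand-in for `normalize()`, the plaintext comparison and the sample password are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.Normalizer;

public class EmptyPasswordCheck {
    // Constructed input: the <query/> payload shape from the log above.
    static final String EMPTY = "<query xmlns=\"jabber:iq:auth\"><username>abcde123</username>"
            + "<password/><resource>Miranda</resource></query>";
    static final String FILLED = EMPTY.replace("<password/>", "<password>s3cret</password>");

    // Stand-in for the normalization step (assumption: NFKC); throws NPE on null input.
    static String normalize(String s) {
        return Normalizer.normalize(s, Normalizer.Form.NFKC);
    }

    // Hypothetical extractor: yields null when the element is absent or empty (<password/>).
    static String passwordOf(String query) {
        int open = query.indexOf("<password>");
        int close = query.indexOf("</password>");
        if (open < 0 || close < open) return null;
        String value = query.substring(open + "<password>".length(), close);
        return value.isEmpty() ? null : value;
    }

    // Unguarded path: a null password reaches normalize() and throws.
    static boolean verifyUnguarded(String query, String stored) {
        return normalize(passwordOf(query)).equals(normalize(stored));
    }

    // Guarded path: reject a missing or empty password before any credential processing.
    static boolean verifyGuarded(String query, String stored) {
        String supplied = passwordOf(query);
        if (supplied == null || supplied.isEmpty()) return false;
        byte[] a = normalize(supplied).getBytes(StandardCharsets.UTF_8);
        byte[] b = normalize(stored).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b); // constant-time comparison
    }

    public static void main(String[] args) {
        try {
            verifyUnguarded(EMPTY, "s3cret");
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException on <password/>");
        }
        System.out.println("guarded, empty:  " + verifyGuarded(EMPTY, "s3cret"));
        System.out.println("guarded, filled: " + verifyGuarded(FILLED, "s3cret"));
    }
}
```

The guard turns the empty-password case into an ordinary authentication failure instead of an exception raised inside the credential-verification path.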

Type: Bug
Priority: Normal
Assignee:
Version: tigase-server-8.3.0
Spent time: 1h
Reference: tigase/_server/server-core#1317