NPE with jabber.ru (#1341)

Activities

wojciech.kapcia@tigase.net opened 2 years ago

[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:server, id=11079074938468489778, version=1.0, xmlns:db=jabber:server:dialback} [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]]
[2022-12-23 09:05:53:441] [CONFIG  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Incorrect XML data: <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='11079074938468489778' version='1.0'>, stopping connection  [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, connected Socket[addr=/172.104.234.182,port=5269,localport=37782]] exception: 
java.lang.NullPointerException
	at java.base/java.util.concurrent.ConcurrentSkipListMap.doGet(Unknown Source)
	at java.base/java.util.concurrent.ConcurrentSkipListMap.containsKey(Unknown Source)
	at java.base/java.util.concurrent.ConcurrentSkipListMap$KeySet.contains(Unknown Source)
	at tigase.db.comp.ConfigRepository.contains(ConfigRepository.java:183)
	at tigase.db.comp.AbstractSDComponentRepositoryBean.contains(AbstractSDComponentRepositoryBean.java:78)
	at tigase.vhosts.VHostManager.isLocalDomain(VHostManager.java:289)
	at tigase.vhosts.VHostManager.isLocalDomainOrComponent(VHostManager.java:294)
	at tigase.server.BasicComponent.isLocalDomainOrComponent(BasicComponent.java:788)
	at tigase.server.xmppserver.S2SConnectionManager.validateCIDConnection(S2SConnectionManager.java:489)
	at tigase.server.xmppserver.proc.StreamOpen.streamOpened(StreamOpen.java:133)
	at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:462)
	at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:51)
	at tigase.xmpp.XMPPIOService.xmppStreamOpened(XMPPIOService.java:600)
	at tigase.xmpp.XMPPDomBuilderHandler.startElement(XMPPDomBuilderHandler.java:235)
	at tigase.xml.SimpleParser.parse(SimpleParser.java:293)
	at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:514)
	at tigase.net.IOService.call(IOService.java:212)
	at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:155)
	at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:54)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Missing service connected timer task: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINE    ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] Connection stopped: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] processing undelivered packets: 0
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Scheduling task for opening a new connection for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [CONFIG  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] S2S Connection stopped: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Running scheduled task for openning a new connection for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Checking DNS for host: jabber.ru for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : STARTING new connection: tigase.im@jabber.ru, params: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}
[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Adding waiting task: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}, started: true, delayPortListening: false, to: []
[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Reconnecting service for: s2s, scheduling next try in 2 seconds, cid: tigase.im@jabber.ru, props: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}

wojciech.kapcia@tigase.net commented 2 years ago

I fixed the NPE by including additional check. However, that wouldn't allow connections from the server. Original issue (#issue #1309) was caused only for incoming connections having random to addresses. So to avoid generating odd certificates (by only allowing connections with proper to) and considering RFC: "Interoperability Note: It is possible that implementations based on [RFC3920] will not include the 'from' address on any stream headers (even ones whose confidentiality and integrity are protected); an entity SHOULD be liberal in accepting such stream headers." I opted to verifying that only to header is present and correct.

I think it should be fine at this point, what od you think @andrzej.wojcik ?

wojciech.kapcia@tigase.net commented 2 years ago

tigase.im updated. issue seems to be resolved.

wojciech.kapcia@tigase.net commented 2 years ago

On a semi-related note, jabbercity.ru got updated to more recent ejabberd:

<iq id='ver' type='get' to='jabbercity.ru'>
<query xmlns='jabber:iq:version'/>
</iq>

<!--   2022-12-26T21:22:51Z   <<<<   -->
<iq from='jabbercity.ru' xmlns='jabber:client' to='wojtek@tigase.org/966238979-tigase-2' id='ver' type='result'>
<query xmlns='jabber:iq:version'>
<name>ejabberd</name>
<version>22.10.0</version>
</query>
</iq>

Andrzej Wójcik (Tigase) commented 2 years ago

I think that verifying only to header is good as it would allow other servers to connect to us as long as they support RFC. In my opinion that is very good and other servers (such as jabbercity.ru) should be updated (they had over 5 years old version of ejabberd).

wojciech.kapcia@tigase.net batch edited 6 months ago

Name	Previous Value	Current Value
Iterations	empty	tigase-server-8.4.0

Type	Bug
Priority	Normal
Assignee	wojciech.kapcia@tigase.net
Version	tigase-server-8.4.0

Iterations

tigase-server-8.4.0 Closed

Issue Votes (0)

Watchers (2)

Reference

tigase/_server/server-core#1341