Projects tigase _server server-core Issues #1341
NPE with jabber.ru (#1341)
wojciech.kapcia@tigase.net opened 2 years ago
[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Stream opened: {xmlns:stream=http://etherx.jabber.org/streams, xmlns=jabber:server, id=11079074938468489778, version=1.0, xmlns:db=jabber:server:dialback} [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]]
[2022-12-23 09:05:53:441] [CONFIG  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Incorrect XML data: <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='11079074938468489778' version='1.0'>, stopping connection  [CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, connected Socket[addr=/172.104.234.182,port=5269,localport=37782]] exception: 
java.lang.NullPointerException
	at java.base/java.util.concurrent.ConcurrentSkipListMap.doGet(Unknown Source)
	at java.base/java.util.concurrent.ConcurrentSkipListMap.containsKey(Unknown Source)
	at java.base/java.util.concurrent.ConcurrentSkipListMap$KeySet.contains(Unknown Source)
	at tigase.db.comp.ConfigRepository.contains(ConfigRepository.java:183)
	at tigase.db.comp.AbstractSDComponentRepositoryBean.contains(AbstractSDComponentRepositoryBean.java:78)
	at tigase.vhosts.VHostManager.isLocalDomain(VHostManager.java:289)
	at tigase.vhosts.VHostManager.isLocalDomainOrComponent(VHostManager.java:294)
	at tigase.server.BasicComponent.isLocalDomainOrComponent(BasicComponent.java:788)
	at tigase.server.xmppserver.S2SConnectionManager.validateCIDConnection(S2SConnectionManager.java:489)
	at tigase.server.xmppserver.proc.StreamOpen.streamOpened(StreamOpen.java:133)
	at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:462)
	at tigase.server.xmppserver.S2SConnectionManager.xmppStreamOpened(S2SConnectionManager.java:51)
	at tigase.xmpp.XMPPIOService.xmppStreamOpened(XMPPIOService.java:600)
	at tigase.xmpp.XMPPDomBuilderHandler.startElement(XMPPDomBuilderHandler.java:235)
	at tigase.xml.SimpleParser.parse(SimpleParser.java:293)
	at tigase.xmpp.XMPPIOService.processSocketData(XMPPIOService.java:514)
	at tigase.net.IOService.call(IOService.java:212)
	at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:155)
	at tigase.xmpp.XMPPIOService.call(XMPPIOService.java:54)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Missing service connected timer task: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINE    ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] Connection stopped: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] processing undelivered packets: 0
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Scheduling task for opening a new connection for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [CONFIG  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : [[s2s]] S2S Connection stopped: CID: tigase.im@jabber.ru, IN: 0, OUT: 0, authenticated: false, remote-session-id: null, streamNegotiationCompleted: false, jid: tigase.im@jabber.ru, S2SIOService, UniqueId: 172.23.0.3_37782_172.104.234.182_5269, type: -> outgoing (connect), SocketIO, ID: tigase.im@jabber.ru/5ff168c4-d046-4106-9ec3-92cd2d3bdbac, disconnected Socket[addr=/172.104.234.182,port=5269,localport=37782]
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Running scheduled task for openning a new connection for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Checking DNS for host: jabber.ru for: tigase.im@jabber.ru
[2022-12-23 09:05:53:441] [FINEST  ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : STARTING new connection: tigase.im@jabber.ru, params: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}
[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Adding waiting task: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}, started: true, delayPortListening: false, to: []
[2022-12-23 09:05:53:441] [FINER   ] [  in_4-message-archive ] StanzaProcessor.processPacket()  : Reconnecting service for: s2s, scheduling next try in 2 seconds, cid: tigase.im@jabber.ru, props: {cert-required-domain=jabber.ru, cid=tigase.im@jabber.ru, ifc=[Ljava.lang.String;@7abde8d, local-hostname=tigase.im, port-no=5269, remote-hostname=jabber.ru, remote-ip=172.104.234.182, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}

wojciech.kapcia@tigase.net commented 2 years ago

I fixed the NPE by including additional check. However, that wouldn't allow connections from the server. Original issue (#issue #1309) was caused only for incoming connections having random to addresses. So to avoid generating odd certificates (by only allowing connections with proper to) and considering RFC: "Interoperability Note: It is possible that implementations based on [RFC3920] will not include the 'from' address on any stream headers (even ones whose confidentiality and integrity are protected); an entity SHOULD be liberal in accepting such stream headers." I opted to verifying that only to header is present and correct.

I think it should be fine at this point, what od you think @andrzej.wojcik ?

wojciech.kapcia@tigase.net commented 2 years ago

tigase.im updated. issue seems to be resolved.

wojciech.kapcia@tigase.net commented 2 years ago

On a semi-related note, jabbercity.ru got updated to more recent ejabberd:

<iq id='ver' type='get' to='jabbercity.ru'>
<query xmlns='jabber:iq:version'/>
</iq>

<!--   2022-12-26T21:22:51Z   <<<<   -->
<iq from='jabbercity.ru' xmlns='jabber:client' to='wojtek@tigase.org/966238979-tigase-2' id='ver' type='result'>
<query xmlns='jabber:iq:version'>
<name>ejabberd</name>
<version>22.10.0</version>
</query>
</iq>
Andrzej Wójcik (Tigase) commented 2 years ago

I think that verifying only to header is good as it would allow other servers to connect to us as long as they support RFC. In my opinion that is very good and other servers (such as jabbercity.ru) should be updated (they had over 5 years old version of ejabberd).

wojciech.kapcia@tigase.net batch edited 7 months ago
Name Previous Value Current Value
Iterations
empty
tigase-server-8.4.0
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Version
tigase-server-8.4.0
Iterations
Issue Votes (0)
Watchers (2)
Reference
tigase/_server/server-core#1341
Please wait...
Page is in error, reload to recover