Andrzej Wójcik (Tigase) opened 2 years ago
|
|||||||
I concur. The check was intended only for message stanzas (as it dealt with that particular stanza). Other stanzas are processed in other parts of the system and have different semantics. AFAIR all message stanzas must possess I added check for if the packet is a Message and NPE protection. |
|||||||
@wojtek I'm not sure, but I think it may be allowed for message to be sent by the server to the client with empty |
|||||||
But I think that your fix may cover this case as well. |
|||||||
Hmm, that could be possible though I added null check (and unittest), so it should be ok. I just updated tigase.im. |
|||||||
wojciech.kapcia@tigase.net batch edited 7 months ago
|
Type |
Bug
|
Priority |
Normal
|
Assignee | |
Version |
tigase-server-8.4.0
|
-
tigase-server-8.4.0 Closed
There is an NPE being thrown in the
MessageDelieveryLogic
class:In this code, there is an assumption, according to comments, that it works on/tests messages, while
preProcess()
method inXMPPPreprocessorIfc
is called without any checks nor filtering, which means that any type of packet (iq
/message
/presence
) may be tested with those rules.Another issue is that this code assumes that
to
for the stanza is set. According to RFC, if there is noto
, then the stanza should be processed locally by the server and I think in this case, server sent to the client (from the domain bare jid) some iq request and client in response removedto
as it was not needed (according to the client). Then foriq
this packet should not be blocked.I think we need to add
NPE
protection, and make sure that this check is done only formessage
stanzas.