Disconnected fom Openfire when sending URLs

I’ve noticed an issue where I’m disconnected from the Openfire server when trying to send URLs like this:

https://*******************************/?id=1404200104&img=1

The problem seems to be caused by multiple GET parameters on that URL. Here’s what the logs look like:

2014.07.14 19:20:46 org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to error while processing message: https://***************************/?id=1404200104&img=1 [ https://***************************/?id=1404200104&img=1 ]<active xmlns='http://jabber.org/protocol/chatstates’/>

org.xmlpull.v1.XmlPullParserException: entity reference name can not contain character =’ (position: TEXT seen …**********************/?id=1404200104&img=… @1:241)

at org.xmlpull.mxp1.MXParser.parseEntityRef(MXParser.java:2222)

at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:216)

at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)

at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:316)

at org.dom4j.io.XMPPPacketReader.read(XMPPPacketReader.java:153)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:153)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:181)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:185)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)

at org.jivesoftware.openfire.plugin.RawPrintFilter.messageReceived(RawPrintFilter. java:66)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.lang.Thread.run(Thread.java:745)

Btw… I’m running Openfire 3.9.3 on FreeBSD and Trillian 2.0.73 on OS X.

Filed as OF-833.

This is a client bug in Trillian. Trillian is sending the “&” unescaped - Openfire is doing exactly the right thing by rejecting it as bad XML.

If it didn’t do this, then it’s possible for someone to send specially crafted XML through, for example, a chatroom and disconnect all well-behaved clients.

(Closed OF-833 as Not A Bug)