NPE in SaslServerPlainImpl

Openfire
1

i got this NPE on 4.5.0 master branch

java.util.NoSuchElementException: null
        at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) ~[?:1.8.0_202]
        at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:115) ~[xmppserver-4.5.0-SNAPSHOT.jar:4.5.0-SNAPSHOT]
        at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:357) [xmppserver-4.5.0-SNAPSHOT.jar:4.5.0-SNAPSHOT]
        at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:185) [xmppserver-4.5.0-SNAPSHOT.jar:4.5.0-SNAPSHOT]
        at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:183) [xmppserver-4.5.0-SNAPSHOT.jar:4.5.0-SNAPSHOT]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:1015) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) [mina-core-2.1.3.jar:?]
        at org.jivesoftware.openfire.plugin.RawPrintFilter.messageReceived(RawPrintFilter.java:107) [xmldebugger-1.7.2.jar!/:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) [mina-core-2.1.3.jar:?]
        at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:413) [mina-core-2.1.3.jar:?]
        at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:257) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:106) [mina-core-2.1.3.jar:?]
        at org.apache.mina.core.session.IoEvent.run(IoEvent.java:89) [mina-core-2.1.3.jar:?]
        at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:766) [mina-core-2.1.3.jar:?]
        at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:758) [mina-core-2.1.3.jar:?]
        at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:697) [mina-core-2.1.3.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_202]

i think adding NoSuchElementException to the catch block would solve this issue

2

This problem relates to code that is used for authentication purposes. Before we understand exactly why this is occurring, we should not hide this exception, as we might accidentally bypass important security considerations.

Exactly how do you reproduce this problem?

3

I am not able to say what excatly causes this Exception. In the logs i saw a presence stanza with type “unavailble” before the exception occurs.
but as i said in my PR (https://github.com/igniterealtime/Openfire/pull/1554) it should take care of wrong data send by a client. So the connection would be closed as the SASL Auth would be aborted correctly
Sadly my logs got overwritten and i allready fixed the exception in my code so it wont occur anymore

4

Thanks. I’ve created ticket https://issues.igniterealtime.org/browse/OF-1979 to track this issue.