[PATCH] XMLSocket Flash Client Support 3.6.0+

Ben_Vinson · November 17, 2008, 8:10pm

I believe Openfire 3.6.0 broke support for XMLSocket Flash clients which append a NULL byte at the end of messages. There is currently a line in XMLLightweightParser which throws an exception if a NULL byte is parsed. To work around this issue, an exception for NULL bytes needs to be added around line 207:

ch = buf[i];
            if (ch < 0x20 && ch != 0x9 && ch != 0xA && ch != 0xD && ch != 0x0) {
     //Unicode characters in the range 0x0000-0x001F other than 9, A, and D are not allowed in XML
     //We need to allow the NULL character, however, for Flash XMLSocket clients to work.
     throw new Exception("Disallowed character");
}

I’m not sure if there is a better way to do this, as the isFlash() method doesn’t work on a connection until the first stanza has been received. Previously, the connection was being terminated when the Flash movie sends the initial .

It would be nice if this (or something similar to it) could be merged into the main branch. I don’t have enough knowledge to know if anything depends on NULL bytes throwing an exception or not, but it definitely sucks to have Flash clients broken.

Edit: Previous patch was throwing an exception in some cases, sorry about that This new one works for me, please try it out.

wroot · November 17, 2008, 9:36pm

Hi,

I can try to file this as a bug in a bug tracking system (JIRA), though i dont have enough flash knowledge to approve that. But as i read the comments it looks like a truth, about those NULL bytes. And i will add your “patch”, though it would be nice to have a diff patch, but this is better than nothing.

wroot · November 17, 2008, 9:44pm

You can watch this so far http://www.igniterealtime.org/issues/browse/JM-1495

Ben_Vinson · November 17, 2008, 11:05pm

I’ll work on creating a diff, sorry about that.

Ben_Vinson · November 17, 2008, 11:31pm

Actually, the patch above it throwing an error under some circumstances, I’m going to simplify it and post a diff as well as updating the original post. Sorry about that!

Ben_Vinson · November 17, 2008, 11:45pm

A new patch (with diff) is in the original post. This seems to work for me, it would be nice if others could test it out as well.

wroot · November 18, 2008, 3:41pm

Good. I will attach you patch to a bug ticket in JIRA. I can’t test it myself, but maybe Gato will apply it and then we can test it with the next nightly build of the Openfire.

Gaston_Dombiak · November 21, 2008, 1:40am

FYI, issue solved for 3.6.2.

– Gato

Sajid1 · November 26, 2008, 10:34pm

These links will help u with 3.6.2 security issue

Summary dont load crossdomain.xml just load socket server liek this Security.loadPolicyFile("xmlsocket://"+ server +":5229");

further read these

-Sajid