0 Replies Latest reply on Jan 11, 2017 10:00 AM by Hal Deadman

    stackoverflow error with EXTERNAL SASL auth to https listener

    Hal Deadman

      Could I get a bug opened for the stack overflow issue discussed in this pull request? 

      4.0.x branch - EXTERNAL auth with BOSH - avoid NPE when peer certificates array is null by hdeadman · Pull Request #638 …

       

      The pull request was for 4.0 branch but one of the errors addressed by it is still happening in 4.1.1.

       

      Here is the stack trace en-route to the stackoverflowerror.

      ...

      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      HttpSession$HttpVirtualConnection.getConfiguration() line: 1146
      ExternalClientSaslServer.evaluateResponse(byte[]) line: 65
      SASLAuthentication.handle(LocalSession, Element) line: 324
      SessionPacketRouter.route(Element) line: 64
      HttpSession.sendPendingPackets() line: 639
      HttpSession$HttpPacketSender.run() line: 1271
      ThreadPoolExecutor.runWorker(ThreadPoolExecutor$Worker) line: 1142
      ThreadPoolExecutor$Worker.run() line: 617
      Thread.run() line: 745

       

      The HttpSession$HttpVirtualConnection is doing:

       

              public ConnectionConfiguration getConfiguration() {

                  return session.getConnection().getConfiguration();

              }

       

      and session.getConnection() is returning a reference to itself so it gets stuck recursively calling itself. The other implementations of getConfiguration() are either returning null or generating global configuration for C2S or S2S. They typically have comments about how its a hack but I think they are preferable to a StackOverflowError.  Would a pull request that made getConfiguration() from HttpSession$HttpVirtualConnection look like the impl in ClientSessionConnection be acceptable?

       

      For example, in ClientSessionConnection:

          public ConnectionConfiguration getConfiguration()

          {

              // Here, a client-to-server configuration is mocked. It is likely not used, as actual connection handling takes

              // place at the connection manager.

              final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());

              return connectionManager.getListener( ConnectionType.SOCKET_C2S, true ).generateConnectionConfiguration();

          }

       

      and SocketConnection:

          public ConnectionConfiguration getConfiguration()

          {

              // This is an ugly hack to get backwards compatibility with the pre-MINA era. As this implementation is being

              // removed (it is marked as deprecated - at the time of writing, it is only used for S2S). The ugly hack: assume

              // S2S:

              final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());

              return connectionManager.getListener( ConnectionType.SOCKET_S2S, false ).generateConnectionConfiguration();

          }