When I send an XMPP message long enough to span several TCP packets, and if the connection is (voluntarily) not encrypted, and if the message contains Chinese characters for example, then OpenFire 3.3.0 fails to parse the packet correctly.
The result is that OpenFire sees a bunch of (\u0) characters, usually at the exact location where the XML was split across several TCP packet. If this happens to be inside an XML element, the parsing fails completely, and OpenFire closes the connection!
Here is an example of the resulting stacktrace, where the corruption occurs in the closing :
2007.05.09 16:20:21 org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandle r.java:134) Closing connection due to error while processing message: </message\u0… @1:607)
at org.xmlpull.mxp1.MXParser.parseEndTag(MXParser.java:1707)
at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:103)
at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
at org.dom4j.io.XMPPPacketReader.read(XMPPPacketReader.java:154)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:123)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:703)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:62)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:200)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt
How to reproduce:
I can reproduce this very easily using Spark (2.5.2):
-
On the OpenFire 3.3.0 server, disallow Old SSL and TLS methods in the Security Settings.
-
Connect to the OpenFire server using Spark 2.5.2, then open a new chatroom.
-
Paste the following message in the chat, the result should be a message box saying that you’'re disconnected:
??? ??? ??? ??? ??? ???
This weird message is made of 57 dash characters, followed by about 420 times the unicode U6771 character.
-
Look at the exception in the OpenFire log.
-
If you enable TLS this does not happen, which would indicate that the SSL tunneling does a better job at preserving the UTF8 bytes.
I have had the exact same problem sending messages using Smack 3.0.2, which I could only work around by manually escaping the characters using XML entities.
If this is not a bug, please tell me how it is supposed to work