Not logged in. · Lost password · Register
Forum: agsXMPP RSS
Unicode Tags throwing an exception of type 'agsXMPP.Xml.Xpnet.InvalidTokenException'
Avatar
fr3akb0y 2020-07-31, 10:44 #1
Member since Sep 2017 · 22 posts
Group memberships: Members
Show profile · Link to this post
Subject: Unicode Tags throwing an exception of type 'agsXMPP.Xml.Xpnet.InvalidTokenException'
Hello alex,

It has been found that some of the users purposefully sending presence updates/iq packets with Unicode tags to disconnect the session,

Later debugging i got to know that exception is throwing from tokenizeContent function of agsxmpp.Xml.Xpnet.Encoding.cs

Could you please help me to solve this issue?

<presence from="user@Host" to="user2@Host"> <???? xmlns='????'>????</????></presence>

I know this should be restricted from the Server itself, But i need the solution to fix the exception or disconnection without skipping the presence update


EDIT: The Unicode symbols disappeared after saving the post
The author has attached one file to this post:
capture.PNG 2.6 kBytes
You have no permission to open this file.
Avatar
Alex 2020-07-31, 10:59 #2
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
The XPNet tokenizer (parser) does validations for allowed characters.
When you want to allow certain invalid characters then you have to relax the parser and patch it yourself to skip those validations.

Alex
Avatar
fr3akb0y 2020-07-31, 12:19 #3
Member since Sep 2017 · 22 posts
Group memberships: Members
Show profile · Link to this post
Thank you so much for the reply, Could you please give me a clue about where should i start as those codes are really confusing ?



On function TOK scanLt()

case BT_LEAD3:
                if (end - off < 3)
                    throw new PartialCharException(off);
                if (byteType3(buf, off) != BT_NMSTRT)
                    throw new InvalidTokenException(off);
                off += 3;
                break;

This is where the exception is throwing
This post was edited on 2020-07-31, 12:34 by fr3akb0y.
Avatar
Alex 2020-07-31, 14:02 #4
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Write some unit test cases, then you can debug the code and verify your expected results.

Alex
Avatar
fr3akb0y 2020-07-31, 14:15 #5
Member since Sep 2017 · 22 posts
Group memberships: Members
Show profile · Link to this post
I have commented all exception throwing codes that i got while debugging and is working normally now, will it make any other issues?
Avatar
Alex 2020-07-31, 14:48 #6
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
The exceptions are there for a reason.
You cannot just remove all of them.

Alex
Avatar
fr3akb0y 2020-07-31, 15:00 #7
Member since Sep 2017 · 22 posts
Group memberships: Members
Show profile · Link to this post
Unfortunately i had no other choice, Thank you for your replies
Avatar
Alex 2020-07-31, 17:55 #8
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
In reply to post #5
Quote by fr3akb0y:
I have commented all exception throwing codes that i got while debugging and is working normally now, will it make any other issues?

yes this will cause issues. There are exceptions which are required for the code to work correctly with streaming XML.

Alex
Avatar
Alex 2020-08-08, 11:22 #9
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Look at the 2 latest commits from here:
https://github.com/matrix-xmpp/matrix-vnext/commits/master

Alex
Avatar
fr3akb0y 2020-08-20, 10:20 #10
Member since Sep 2017 · 22 posts
Group memberships: Members
Show profile · Link to this post
This is what i exactly did, And i noticed in those commits you pasted have the exactly same Unicode string those i got from attackers
Avatar
Alex 2020-08-20, 11:26 #11
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
The XML snippet was sent to me by another user of the library. This is why I put them as is in the unit tests.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:

Forum: agsXMPP RSS