AnsweredAssumed Answered

Two bugs found in asmack-android-8-4.0.4.jar

Question asked by Alex_Lee on Nov 7, 2014
Latest reply on Nov 10, 2014 by Flow

I`m using asmack-android-8-4.0.4.jar in my project, I found 2 bugs.

FIRST:

Log in with user A and successed , then call XMPPTCPConnection.disconnect(); log in with user B ,then the weird thing happens ,its not user B logged in but user A .I have looked up the source code ,I think the problem is at XMPPConnection.wasAuthenticated.When user A logged in and disconnect,the connection made "wasAuthenticated" as true , the next time I call XMPPConnection.connect() ,it will call XMPPConnection.connectInternal() which will has user A logged in .

SECOND:

Log in with the WRONG password just for SASLErrorException.SASLError.not_authorized , then log in with the RIGHT password , it will always throw SASLErrorException.SASLError.not_authorized, the user can never login .I have looked up the source code , I think the problem is at SASLAuthentication.saslFailure. When log in with the WRONG password ,SASLAuthentication.authenticationFailed() will be called and the SASLAuthentication.saslFailure will not be null ,When log in with the RIGHT password ,SASLAuthentication.authenticated() will be called but SASLAuthentication.saslFailure is still not null , then it will throw SASLErrorException, so the user cannot log in unless XMPPConnection.connect() is called before XMPPConnection.login() which will set SASLAuthentication.saslFailure as null .

ps: Please ingore my poor english .

Outcomes