Bug #3920

stuck in "Signing in" after DNS SRV lookup failure

Added by stuart763 about 3 years ago. Updated over 2 years ago.

Status:NewStart date:10/22/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:v15 - AWESOME APP
Component:

Description

hello

ChatSecure 14.0.4 gets stuck in a "Signing in" state forever on a Nexus 7 2012 Wifi (running CyanogenMod version 11-20140916-SNAPSHOT-M10-grouper).

Assume that my XMPP account is . I have an SRV entry for pook.it:

_xmpp-client._tcp.pook.it. 1800 IN SRV 0 5 5222 mail2.pook.it.

When ChatSecure is stuck in the "Signing in" state and I connect my Nexus 7 to an access point that I control I see the standard DNS lookups that Android makes when it connects, the DNS lookups for my email connection and pook.it (213.186.33.87). I do not see any DNS lookups for _xmpp-client._tcp.pook.it. Why is my Nexus 7 doing a DNS lookup for pook.it? Please see the attached file of "dnsmasq --log-queries" output.

Then tcpdump -i wlan0 -q "port xmpp-client or port xmpp-server" shows a continuous stream of connections to cluster014.ovh.net. cluster014.ovh.net is the fqdn of the IP address of pook.it (213.186.33.87). This is wrong. ChatSecure should never connect to cluster014.ovh.net. cluster014.ovh.net is not under my control and I don't know what is listening on cluster014.ovh.net:5222. Please see the attached tcpdump.

What I think is happening is that at some point the DNS/SRV lookup of _xmpp-client._tcp.pook.it is failing and then ChatSecure gets stuck trying to connect to pook.it.

I think that ChatSecure should reattempt the DNS/SRV lookup after every failed connection attempt unless it has had a recent successful DNS/SRV lookup. A failed connection might be caused by connecting to the wrong address after a temporary DNS/SRV lookup failure. Or perhaps ChatSecure should not attempt to connect until the DNS/SRV lookup has succeeded or indicated that there isn't a DNS/SRV entry. Until this lookup has worked ChatSecure does not know what IP address it should connect to.

Even after switching the Wifi off and on again I do not see a DNS lookup of _xmpp-client._tcp.pook.it. I do however see a DNS lookup of pook.it. Failed DNS/SVR lookups should not be cached.

I guess that I was sending my login credentials to cluster014.ovh.net and that this is a security risk. I should now change my password.

info.guardianproject.otr.app.im.plugin.xmpp.initConnection is complicated so I might have misunderstood the problem.

It would be useful if the "Signing in" message indicated what IP address ChatSecure is trying to connect to. In my case it could say "Signing in to _xmpp-client._tcp.pook.it", then "Signing in to mail2.pook.it" and then "Signing in to 88.171.134.228". When the SRV DNS lookup failed I would have seen "Signing in to _xmpp-client._tcp.pook.it", then "Signing in to pook.it" and then "Signing in to 213.186.33.87" and would have understood the problem much quicker.

thanks for ChatSecure
Stuart

tcpdump.txt Magnifier - tcpdump of xmpp traffic from my Nexus 7 (6.36 KB) stuart763, 10/22/2014 08:42 pm

dnsmasq.txt Magnifier - DNS lookups from my Nexus 7 (5.33 KB) stuart763, 10/22/2014 08:43 pm

History

#1 Updated by n8fr8 over 2 years ago

  • Target version set to v15 - AWESOME APP

Also available in: Atom PDF