Crash Auth from client

[Ben]

Hey guys, i'm wondering if anyone knows the fix for this:

Code:

gauthd: 17 Apr 2015 12:12:15,286  INFO GAuthServer:? - UserLogin:userid=6160,sid=44419,aid=1,zoneid=1,remaintime=0,free_time_left=0,free_time_end=0,func=0,funcparm=0,creatime=1428396641,adduppoint=0,soldpoint=0GQueryPasswd:account is xiaoćshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 1
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
	at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
	at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
	at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
	at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
	at application.procedure.handler.execute(handler.java:197)
	at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
	at protocol.MatrixPasswd.Server(Unknown Source)
	at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
	at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
	at com.goldhuman.Common.ThreadPool.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoćshu
gauthd: 17 Apr 2015 12:13:32,360  INFO GAuthServer:? - GQueryPasswd:can not find user xiaoćshu
Prepare procedure call:{call recordoffline(?,?,?,?,?)}
gauthd: 17 Apr 2015 12:13:33,886  INFO GAuthServer:? - UserLogout::User 29056 logout successfully.
GQueryPasswd:account is xiaoćshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 1
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
	at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
	at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
	at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
	at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
	at application.procedure.handler.execute(handler.java:197)
	at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
	at protocol.MatrixPasswd.Server(Unknown Source)
	at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
	at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
	at com.goldhuman.Common.ThreadPool.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoćshu
gauthd: 17 Apr 2015 12:13:36,066  INFO GAuthServer:? - GQueryPasswd:can not find user xiaoćshu
GQueryPasswd:account is xiaoćshu , login ip is 1108567067
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
java.sql.SQLException: Incorrect string value: '\xC2\x87shu' for column 'name1' at row 198
	at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1072)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3563)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
	at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
	at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
	at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
	at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
	at application.procedure.handler.execute(handler.java:197)
	at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
	at protocol.MatrixPasswd.Server(Unknown Source)
	at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
	at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
	at com.goldhuman.Common.ThreadPool.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiaoćshu
gauthd: 17 Apr 2015 12:13:39,527  INFO GAuthServer:? - GQueryPasswd:can not find user xiaoćshu

Some 3rd party is crashing the auth of the server by entering usernames that have characters that are not taken by the Auth.

We've tested it by making an account with chinese letters and then spam log it. Indeed, the auth crashed.

We tried changing auths, updating protocols etc.. but it doesn't seem to work.

Is there anywhere in the client where we can lock certain combinations from being entered in the username field?

Or are we just looking the complete wrong way on this issue?

Thnx

[MentaL]

[avalanche3]

change in table.xml file encoding from characterEncoding=utf8 to characterEncoding=ascii

[Ben]

hm think we did that already before, imma change it again and check for results.

Ty for the reply tho will get back shortly

[Bola]

delete this account and protect your regex from register to block characters like !? %`™~¥^'" characters like that can crash authd

[Ben]

delete this account and protect your regex from register to block characters like !? %`™~¥^'" characters like that can crash authd

Its not the regex bola, hulu's panel should be protected against characters like that + the account was deleted from the DB and still, the auth crashed.
So far the encoding change looks good, but will have to see if it stays.

[Bola]

say to him update panel fast, since another people can explore on another's servers, if I'm not wrong authd don't support Russian characters too

[Calas]

say to him update panel fast, since another people can explore on another's servers, if I'm not wrong authd don't support Russian characters too

The auth crashes even if the account is not in database

[Bola]

The auth crashes even if the account is not in database

authd crashes on aquire passwd, check by yourself

[GiantAxe]

what is the database collation set to?

utf8mb4 has extended support for chinese characters (AKA, 3 byte chars)

[Ben]

So far after a day it's still looking good. with the ascii change

[Ben]

Bumping thread:

Looks like he's back after the weekend.

Code:

GQueryPasswd:account is xiao_shućććććććććććććććććććććććććććććććććććććććććć , login ip is -1491901413
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'name1' at row 1
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3561)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
    at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
    at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
    at application.procedure.handler.execute(handler.java:197)
    at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
    at protocol.MatrixPasswd.Server(Unknown Source)
    at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
    at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
    at com.goldhuman.Common.ThreadPool.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiao_shućććććććććććććććććććććććććććććććććććććććććć
gauthd: 19 Apr 2015 15:29:02,161  INFO GAuthServer:? - GQueryPasswd:can not find user xiao_shućććććććććććććććććććććććććććććććććććććććććć
GQueryPasswd:account is xiao_shućććććććććććććććććććććććććććććććććććććććććć , login ip is -1491901413
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'name1' at row 1
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3561)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3495)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1959)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2113)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2693)
    at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2102)
    at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1364)
    at com.mysql.jdbc.CallableStatement.execute(CallableStatement.java:877)
    at application.procedure.handler.execute(handler.java:197)
    at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
    at protocol.MatrixPasswd.Server(Unknown Source)
    at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
    at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
    at com.goldhuman.Common.ThreadPool.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiao_shućććććććććććććććććććććććććććććććććććććććććć
gauthd: 19 Apr 2015 15:29:05,099  INFO GAuthServer:? - GQueryPasswd:can not find user xiao_shućććććććććććććććććććććććććććććććććććććććććć
GQueryPasswd:account is xiao_shućććććććććććććććććććććććććććććććććććććććććć , login ip is -1491901413
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after statement closed.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:534)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
    at com.mysql.jdbc.Util.getInstance(Util.java:381)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1012)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:986)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:981)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926)
    at com.mysql.jdbc.StatementImpl.checkClosed(StatementImpl.java:405)
    at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1329)
    at com.mysql.jdbc.DatabaseMetaData.getCallStmtParameterTypes(DatabaseMetaData.java:1599)
    at com.mysql.jdbc.DatabaseMetaData.getProcedureOrFunctionColumns(DatabaseMetaData.java:4138)
    at com.mysql.jdbc.DatabaseMetaData.getProcedureColumns(DatabaseMetaData.java:4056)
    at com.mysql.jdbc.CallableStatement.determineParameterTypes(CallableStatement.java:827)
    at com.mysql.jdbc.CallableStatement.<init>(CallableStatement.java:625)
    at com.mysql.jdbc.JDBC4CallableStatement.<init>(JDBC4CallableStatement.java:46)
    at sun.reflect.GeneratedConstructorAccessor10.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:534)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
    at com.mysql.jdbc.CallableStatement.getInstance(CallableStatement.java:521)
    at com.mysql.jdbc.ConnectionImpl.parseCallableStatement(ConnectionImpl.java:4078)
    at com.mysql.jdbc.ConnectionImpl.prepareCall(ConnectionImpl.java:4162)
    at com.mysql.jdbc.ConnectionImpl.prepareCall(ConnectionImpl.java:4136)
    at application.procedure.handler.execute(handler.java:189)
    at com.goldhuman.account.storage.acquireIdPasswd(storage.java:419)
    at protocol.MatrixPasswd.Server(Unknown Source)
    at com.goldhuman.IO.Protocol.Rpc.Process(Unknown Source)
    at com.goldhuman.IO.Protocol.Task.run(Unknown Source)
    at com.goldhuman.Common.ThreadPool.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:701)
acquireIdPasswd exception:account=xiao_shućććććććććććććććććććććććććććććććććććććććććć
gauthd: 19 Apr 2015 15:29:15,281  INFO GAuthServer:? - GQueryPasswd:can not find user xiao_shućććććććććććććććććććććććććććććććććććććććććć

Done some changes to table field char length/sizes hoping it'll block that part as hes obviously doing it on purpose.

[Ben]

I hope i don't break the rules with bumping it once again but yea w.e this has to be said.

As i received today from the connections i work with.

..Edited...

Okay?

[jv90]

nimdA #2 I see.

[avalanche3]

And what would be the point of him logging under his name? LOL
If you're robbing a house, do you leave a note: "it was me" ?

[Ben]

And what would be the point of him logging under his name? LOL
If you're robbing a house, do you leave a note: "it was me" ?

idk, i didn't accouse anyone of doing anything. I just update the logs i get hoping someone knows a complete fix :-) As it seems pretty easy making the auth crash like that.

I know Mar for a longer time already so i know mar is an ok guy.

Can be someone else who wants to set them on a bad track :p would like to know who that is so stuff gets solved smoothly.