From 9cc8ba320fac565e6779f129ee4658e43aa36bf6 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Sat, 2 May 2015 12:10:56 +0200
Subject: mark account with incompatible server when no sasl mechansim could be
 found

---
 .../siacs/conversations/xmpp/XmppConnection.java   | 43 ++++++++++++----------
 1 file changed, 24 insertions(+), 19 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
index 0b6bb15b..a2b58a14 100644
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@@ -581,26 +581,31 @@ public class XmppConnection implements Runnable {
 			} else if (mechanisms.contains("DIGEST-MD5")) {
 				saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
 			}
-			final JSONObject keys = account.getKeys();
-			try {
-				if (keys.has(Account.PINNED_MECHANISM_KEY) &&
-						keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority() ) {
-					Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
-							" has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
-							") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
-							"). Possible downgrade attack?");
-					disconnect(true);
-					changeStatus(Account.State.SECURITY_ERROR);
-						}
-			} catch (final JSONException e) {
-				Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
-			}
-			Log.d(Config.LOGTAG,account.getJid().toString()+": Authenticating with " + saslMechanism.getMechanism());
-			auth.setAttribute("mechanism", saslMechanism.getMechanism());
-			if (!saslMechanism.getClientFirstMessage().isEmpty()) {
-				auth.setContent(saslMechanism.getClientFirstMessage());
+			if (saslMechanism != null) {
+				final JSONObject keys = account.getKeys();
+				try {
+					if (keys.has(Account.PINNED_MECHANISM_KEY) &&
+							keys.getInt(Account.PINNED_MECHANISM_KEY) > saslMechanism.getPriority()) {
+						Log.e(Config.LOGTAG, "Auth failed. Authentication mechanism " + saslMechanism.getMechanism() +
+								" has lower priority (" + String.valueOf(saslMechanism.getPriority()) +
+								") than pinned priority (" + keys.getInt(Account.PINNED_MECHANISM_KEY) +
+								"). Possible downgrade attack?");
+						disconnect(true);
+						changeStatus(Account.State.SECURITY_ERROR);
+					}
+				} catch (final JSONException e) {
+					Log.d(Config.LOGTAG, "Parse error while checking pinned auth mechanism");
+				}
+				Log.d(Config.LOGTAG, account.getJid().toString() + ": Authenticating with " + saslMechanism.getMechanism());
+				auth.setAttribute("mechanism", saslMechanism.getMechanism());
+				if (!saslMechanism.getClientFirstMessage().isEmpty()) {
+					auth.setContent(saslMechanism.getClientFirstMessage());
+				}
+				tagWriter.writeElement(auth);
+			} else {
+				disconnect(true);
+				changeStatus(Account.State.INCOMPATIBLE_SERVER);
 			}
-			tagWriter.writeElement(auth);
 		} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
 					+ smVersion)
 				&& streamId != null) {
-- 
cgit v1.2.3