Crash when using 2FA (yubikey) via USB: NPE - `Attempt to invoke virtual method 'int android.hardware.usb.UsbDevice.getInterfaceCount()`

larglarg commented 1 year ago

Steps to reproduce

1.Login normaly to your nextcloud and get to the point where u are asked for the 2fa 2.Trying to login with a yubikey 5c with the android app 3.

Expected behaviour

You shut be logged in

Actual behaviour

the app chrashed and showning this error:

Cause of error

Exception in thread "main" java.lang.RuntimeException: Error receiving broadcast Intent { act=de.cotech.hw.ACTION_USB flg=0x10 pkg=com.nextcloud.client } in de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher$1@c0ef25f
    at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1572)
    at android.app.-$$Lambda$LoadedApk$ReceiverDispatcher$Args$_BumDX2UKsnxLVrE6UJsJZkotuA.run(Unknown Source:2)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:236)
    at android.app.ActivityThread.main(ActivityThread.java:7861)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:600)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:967)
Caused by: Exception in thread "main" java.lang.NullPointerException: Attempt to invoke virtual method 'int android.hardware.usb.UsbDevice.getInterfaceCount()' on a null object reference
    at de.cotech.hw.internal.transport.usb.UsbDeviceManager.isRelevantDevice(UsbDeviceManager.java:163)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher.handleConnectedUsbDevice(UsbConnectionDispatcher.java:90)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher.access$100(UsbConnectionDispatcher.java:45)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher$1.onReceive(UsbConnectionDispatcher.java:77)
    at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1562)
    at android.app.-$$Lambda$LoadedApk$ReceiverDispatcher$Args$_BumDX2UKsnxLVrE6UJsJZkotuA.run(Unknown Source:2)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:236)
    at android.app.ActivityThread.main(ActivityThread.java:7861)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:600)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:967)

App information

ID: com.nextcloud.client
Version: 30230090
Build flavor: gplay

Device information

Brand: Redmi
Device: joyeuse
Model: Redmi Note 9 Pro
Id: RKQ1.200826.002
Product: joyeuse_eea

Firmware

SDK: 30
Release: 11
Incremental: V12.5.8.0.RJZEUXM

On my dekstop pc it is working just fine. With firefox on my smartphone as well. An alsow with the app if the accound dose not have 2fa setup.

the PHP version is 8.1 the server is runing on a apache2 server and is accesed via a reversproxy nginx. in the errors only the faild login is listed without further informations

ChristophWurst commented 1 year ago

de.cotech.hw.ACTION_USB

@AlvaroBrey do we launch this intent from the Nextcloud Files Android app? I'm not sure if I read the trace information correctly.

AlvaroBrey commented 1 year ago

de.cotech.hw.ACTION_USB
@AlvaroBrey do we launch this intent from the Nextcloud Files Android app? I'm not sure if I read the trace information correctly.

Yes, it's likely by this lib: https://github.com/cotechde/hwsecurity, which we use at the moment. And in fact this looks like a bug in the lib itself, which of course is abandoned...

larglarg commented 1 year ago

so I have to report the bug there ?

AlvaroBrey commented 1 year ago

so I have to report the bug there ?

No, I'll transfer this to the android app repo. Sorry!

AlvaroBrey commented 1 year ago

@larglarg just for clarity, did you use the Yubikey via USB or via NFC?

larglarg commented 1 year ago

via USB-c! NFC is at the moment working, i dont know if this is throw a fix on our side or if I did forget to test this. USB-c is still not working.

jonas-w commented 1 year ago

FWIW after the second try this works.

I think the problem is the "Allow Nextcloud to access your YubiKey" popup from Android. If you accept it, the app will crash. But on the second try this popup doesn't open again, probably because it doesn't need to request the permissions again and it works.

Here is my crash log:

Cause of error

Exception in thread "main" java.lang.RuntimeException: Error receiving broadcast Intent { act=de.cotech.hw.ACTION_USB flg=0x10 pkg=com.nextcloud.android.beta } in de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher$1@caa57d
    at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1816)
    at android.app.LoadedApk$ReceiverDispatcher$Args$$ExternalSyntheticLambda0.run(Unknown Source:2)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:226)
    at android.os.Looper.loop(Looper.java:313)
    at android.app.ActivityThread.main(ActivityThread.java:8751)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)
Caused by: Exception in thread "main" java.lang.NullPointerException: Attempt to invoke virtual method 'int android.hardware.usb.UsbDevice.getInterfaceCount()' on a null object reference
    at de.cotech.hw.internal.transport.usb.UsbDeviceManager.isRelevantDevice(UsbDeviceManager.java:163)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher.handleConnectedUsbDevice(UsbConnectionDispatcher.java:90)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher.access$100(UsbConnectionDispatcher.java:45)
    at de.cotech.hw.internal.transport.usb.UsbConnectionDispatcher$1.onReceive(UsbConnectionDispatcher.java:77)
    at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1806)
    at android.app.LoadedApk$ReceiverDispatcher$Args$$ExternalSyntheticLambda0.run(Unknown Source:2)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:226)
    at android.os.Looper.loop(Looper.java:313)
    at android.app.ActivityThread.main(ActivityThread.java:8751)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)

App information

ID: com.nextcloud.android.beta
Version: 20230716
Build flavor: versionDev

Device information

Brand: samsung
Device: beyond2
Model: SM-G975F
Id: SP1A.210812.016
Product: beyond2lteeea

Firmware

SDK: 31
Release: 12
Incremental: G975FXXSGHWC2

nextcloud / android