[Bug 28647] IQ reply spoofing detection should be aware that @from is optional
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Jun 21 13:48:10 CEST 2010
https://bugs.freedesktop.org/show_bug.cgi?id=28647
--- Comment #1 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2010-06-21 04:48:10 PDT ---
Aagh, pressed Send too early. Here's what the description should have been.
When my Prosody 0.6.1 installation fails to reply to a disco request for my
bare JID (Bug #28599), it omits @from from the error reply (which is meant to
be equivalent to using my own bare JID). This leads Wocky to believe that the
reply is spoofed.
(telepathy-gabble:2069): wocky-DEBUG: Parsing chunk: <iq id='788917834034'
type='error' to='smcv at XXX/reptile'><error type='cancel'><service-unavailable
xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
...
(telepathy-gabble:2069): wocky-DEBUG: handle_iq_reply: wocky-porter.c:842:
'(null)' (normal: '(null)') attempts to spoof an IQ reply from 'smcv at XXX'
(telepathy-gabble:2069): gabble-DEBUG: connection_iq_unknown_cb: got unknown
iq:
* iq xmlns='jabber:client' id='788917834034' type='error' to='smcv at XXX/reptile'
* error type='cancel'
* service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'
As a result, the request times out, rather than failing immediately.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the telepathy-bugs
mailing list