[Bug 68829] [PATCH] Cannot connect to Facebook

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Sep 2 04:36:36 PDT 2013 

https://bugs.freedesktop.org/show_bug.cgi?id=68829

--- Comment #1 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Comment on attachment 85035
  --> https://bugs.freedesktop.org/attachment.cgi?id=85035
Patch for wocky

Review of attachment 85035:
 --> (https://bugs.freedesktop.org/page.cgi?id=splinter.html&bug=68829&attachment=85035)
-----------------------------------------------------------------

What's the worst that can happen?

RFC 6120 §8.1.2.1 says:

   2.  When the server generates a stanza on its own behalf for delivery
       to the client from the server itself, the stanza MUST include a
       'from' attribute whose value is the bare JID

so this is not RFC-compliant XMPP. (Interop > RFC pedantry in situations where
it doesn't harm security, though.)

Also,

   4.  A server MUST NOT send to the client a stanza without a 'from'
       attribute if the stanza was not generated by the server on its
       own behalf

so if the server obeys §8.1.2.1.4, the worst that can happen with this change
is that we see a stanza generated by the server on behalf of our account and we
wrongly accept it as a valid stanza generated by the server itself, which is
what we need to do to fix this interop bug.

So, I'm OK with this change in principle.

::: wocky/wocky-c2s-porter.c
@@ +859,5 @@
>          goto finally;
>      }
>  
> +  /** If we sent an IQ to the server allow the server to omit 'to'
> +   * in the reply. */

omit 'from', surely?

/** is for doc-comments consumed by gtk-doc, not for ordinary comments.

Please do mention that the Facebook server now does this (preferably with "see
fd.o #68829" or the URL of the bug) and that we would normally interpret this
as coming from "the server on behalf of our account". Something like this:

  /* If we sent an IQ to the server itself, allow it to
   * omit 'from' in its reply, which is normally used
   * for messages from the server on behalf of our own
   * account (as of 2013-09-02, the Facebook server does
   * this). See fd.o #68829 */

The server is still returning valid disco information about itself, not about
our account, I hope?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the telepathy-bugs mailing list