Pidgin disconnect upon reception of a backspace

Nicolas Anonyme pathogenyx at gmail.com
Tue Sep 28 07:46:05 EDT 2010


Dear developers, Greetings :

> If you think you've found a bug in our software that could be exploited in a
> way that could harm users or prevent them from using the software (e.g. a
> remotely triggerable crash) DO send an email to security@


I think I found such a bug. Also, please, bear with my bad English as it's
not my primary language.

I'm working in a small (French) company (~ 350 ppl)

   - and everyone is connected to an internal XMPP server (OpenFire I think)

   - and the IM clients are a mix of spark / pidgin / gajim / psi / etc.


Yesterday a coworker sent a block of binary data in a message to another
coworker and it *disconnected him every time* (both were using pidgin).

We quickly isolated the culprit : a simple "*backspace*".
Two other clients (spark and psi) filter it out of messages (either when
sending it or when receiving it), but pidgin and gajim do not.
And only those last two disconnect when receiving this character.

I did succeed in disconnecting at will coworkers who are using pidgin (2.6.2
to 2.7.3 ~ windows and linux) by sending them a simple raw XML message :

<message to="someone at server/resource" id="whatever" >
<body>&#8;</body>
</message>

(see the joint image of the client upon disconnection : « Erreur de lecture
du XML » → « Error while reading XML »)

It's even worse when pasted in a *chatroom*, as *every time they get the
history they burst into a disconnect / reconnect / autojoin loop*, preventing
them from using the software.

Maybe it's the task of the server to filter such unwanted content, but
pidgin would gain stability and usability on being more fault tolerant on
this one (IMHO).

Hoping this is relevant and could somehow help.
Thank you for your hard work.

« *Cordialement* » as we say here
--
Nicolas.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug-pidgin2.7.3.png
Type: image/png
Size: 15484 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100928/67328b68/attachment-0001.png>
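
The filtering the report says spark and psi perform, written out as an added example (it is not code from Pidgin or from the original message): it drops every character outside the XML 1.0 "Char" production, whether it arrives literally or as a numeric character reference such as &#8;, so a strict parser accepts the stanza. The function names and the sample stanzas are assumptions made for illustration, and the filter works on the raw string, so it does not treat CDATA sections specially.

```python
import re
import xml.etree.ElementTree as ET

def is_xml10_char(cp):
    """XML 1.0 'Char' production: the only code points a document may contain."""
    return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)

# Numeric character references, decimal (&#8;) or hexadecimal (&#x8;).
CHAR_REF = re.compile(r"&#(?:[xX]([0-9A-Fa-f]+)|([0-9]+));")

def sanitize_stanza(raw):
    """Return (cleaned, removed) with forbidden characters dropped."""
    removed = 0

    def check_ref(m):
        nonlocal removed
        cp = int(m.group(1), 16) if m.group(1) else int(m.group(2))
        if is_xml10_char(cp):
            return m.group(0)          # legal reference, keep it untouched
        removed += 1
        return ""

    # 1) Literal forbidden characters (e.g. a raw 0x08 byte in the body).
    kept = "".join(ch for ch in raw if is_xml10_char(ord(ch)))
    removed += len(raw) - len(kept)
    # 2) Forbidden references. Repeat until stable: deleting one reference
    #    can splice its neighbours into a new one ("&#&#8;8;" -> "&#8;").
    while True:
        cleaned = CHAR_REF.sub(check_ref, kept)
        if cleaned == kept:
            return cleaned, removed
        kept = cleaned

def parses(raw):
    """True if a strict XML 1.0 parser (expat) accepts the stanza."""
    try:
        ET.fromstring(raw)
        return True
    except ET.ParseError:
        return False

# Constructed sample stanzas modelled on the report; addresses are placeholders.
AS_REFERENCE = '<message to="a@example.org/r" id="1"><body>hi&#8;there</body></message>'
AS_LITERAL = '<message to="a@example.org/r" id="2"><body>hi\x08there</body></message>'
LEGAL = '<message to="a@example.org/r" id="3"><body>tab&#9;ok &amp; fine</body></message>'

if __name__ == "__main__":
    for stanza in (AS_REFERENCE, AS_LITERAL, LEGAL):
        cleaned, n = sanitize_stanza(stanza)
        print(parses(stanza), parses(cleaned), n, cleaned)
```
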

