[Pidgin] #4570: The XMPP plugin uses the hostname given by the SRV record to perform certificate validation

Pidgin trac at pidgin.im
Fri Jan 4 19:30:45 EST 2008


#4570: The XMPP plugin uses the hostname given by the SRV record to perform
certificate validation
--------------------+-------------------------------------------------------
Reporter:  steffen  |       Owner:  nwalp
    Type:  defect   |      Status:  new  
Priority:  minor    |   Component:  XMPP 
 Version:  2.3.1    |    Keywords:       
 Pending:  0        |  
--------------------+-------------------------------------------------------
 The XMPP plugin uses the hostname given by the SRV record to perform
 certificate validation:

 libpurple/protocols/jabber/jabber.c:
 {{{
 static void tls_init(JabberStream *js)
 {
         purple_input_remove(js->gc->inpa);
         js->gc->inpa = 0;
         js->gsc = purple_ssl_connect_with_host_fd(js->gc->account, js->fd,
                         jabber_login_callback_ssl, jabber_ssl_connect_failure,
                         js->host, js->gc);
 }
 }}}

 js->host is set by jabber_login_connect() to the hostname in the SRV RR.

 This is a bad idea since an attacker could forge the SRV RR to point to a
 domain he owns (and therefore has a certificate for). Instead the domain
 given in the preferences dialog should be used.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/4570>
Pidgin <http://pidgin.im>
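
The difference between the two choices of verification name, as an added example that is not part of the ticket or of Pidgin's code. The names `tls_plan`, `plan_from_srv`, `plan_from_account` and `cert_accepted` are hypothetical, the hostnames are constructed, and the name matching is a simplified stand-in for a TLS library's certificate hostname check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical model: where the socket goes vs. which name the cert must carry. */
struct tls_plan {
    const char *connect_host; /* taken from the SRV RR: untrusted DNS data */
    const char *verify_name;  /* identity the certificate is checked against */
};

/* Behaviour described in the ticket: the SRV target serves both purposes. */
struct tls_plan plan_from_srv(const char *account_domain, const char *srv_target)
{
    (void)account_domain; /* the configured domain plays no part in verification */
    return (struct tls_plan){ srv_target, srv_target };
}

/* Behaviour the ticket asks for: connect to the SRV target, verify the
 * domain the user configured for the account. */
struct tls_plan plan_from_account(const char *account_domain, const char *srv_target)
{
    return (struct tls_plan){ srv_target, account_domain };
}

/* Simplified match: case-insensitive; a leading "*." covers exactly one label. */
static bool name_matches(const char *pattern, const char *name)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(name, '.');
        return dot != NULL && dot != name && strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, name) == 0;
}

/* True if any name in the presented certificate matches plan.verify_name. */
bool cert_accepted(struct tls_plan plan, const char *const *cert_names, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(cert_names[i], plan.verify_name))
            return true;
    return false;
}
```

With the SRV-derived name, a certificate that is valid for the host named in a forged SRV record passes; with the account domain as the verification name, the same certificate is rejected while a certificate issued for the account domain is still accepted on any SRV target.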