[Pidgin] #6031: ASCII control characters cause problems with libpurple clients

Tue Jul 15 12:54:16 EDT 2008

#6031: ASCII control characters cause problems with libpurple clients
---------------------+------------------------------------------------------
  Reporter:  dhawes  |       Owner:  deryni  
      Type:  defect  |      Status:  reopened
  Priority:  minor   |   Milestone:          
 Component:  XMPP    |     Version:  2.4.2   
Resolution:          |    Keywords:          
   Pending:  0       |  
---------------------+------------------------------------------------------
Comment (by evands):

 Indeed; according to the [http://www.w3.org/TR/REC-xml/#dt-fatal XML
 spec]:
 > Once a fatal error is detected, however, the processor MUST NOT continue
 normal processing (i.e., it MUST NOT continue to pass character data and
 information about the document's logical structure to the application in
 the normal way).

 My change, it turns out, doesn't actually allow any recovery.  Ultimately,
 here's what happens:
 {{{
 15:08:42: (Libpurple: jabber) Recv (ssl)(213): <iq type="result"
 to="raeburn at mit.edu/Adiumi985" id="purple50a00886"
 from="somebody at mit.edu/Adium"><query
 xmlns="jabber:iq:version"><name>Adium</name><version>&#16;BÔøΩ&#16;
 (libpurple 2.4.3)</version></query></iq>
 15:08:42: (Libpurple: jabber) XML parser error for JabberStream 0x0:
 Domain 1, code 9, level 3: xmlParseCharRef: invalid xmlChar value 16
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 9

 15:08:42: (Libpurple: jabber) Recv (ssl)(391): <presence
 from="somebody1 at gmail.com/gmail.E541E193"
 to="raeburn at mit.edu/Adiumi985"><show>away</show><priority>0</priority><caps:c
 xmlns:caps="http://jabber.org/protocol/caps"
 node="http://mail.google.com/xmpp/client/caps" ver="1.1"
 ext="pmuc-v1"></caps:c><status>Wow, embedded chat!</status><x xmlns
 ="vcard-
 temp:x:update"><photo>57c7617952cf2ddc707153466a23da3976f2da10</photo></x></presence>
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5
 15:08:42: (Libpurple: jabber) Recv (ssl)(203): <iq type="result"
 to="raeburn at mit.edu/Adiumi985" id="purple50a00879"
 from="somebody2 at mit.edu/Adium"><query
 xmlns="jabber:iq:version"><name>Adium</name><version> (libpurple
 2.5.0devel)</version></query></iq>
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5
 15:08:42: (Libpurple: jabber) Recv (ssl)(344): <presence
 from="somebody1 at gmail.com/somebody1/fE092FC9F"
 to="raeburn at mit.edu/Adiumi985"><priority>1</priority><c
 xmlns="http://jabber.org/protocol/caps" node="http://pidgin.im/caps"
 ver="2.4.2devel" ext="moodn nickn tunen buzz avatar adiumcmd"/><x xmlns
 ="vcard-
 temp:x:update"><photo>57c7617952cf2ddc707153466a23da3976f2da10</photo></x></presence>
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5
 15:08:42: (Libpurple: jabber) Recv (ssl)(145): <iq type="result"
 id="purple50a0087a" to="raeburn at mit.edu/Adiumi985"
 from="somebody2 at mit.edu/Adium"><query xmlns="jabber:iq:last"
 seconds="0"/></iq>
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5
 15:08:42: (Libpurple: jabber) Recv (ssl)(405): <presence
 from="somebody1 at gmail.com/abs.mit.ed1F423CED"
 to="raeburn at mit.edu/Adiumi985"><show>away</show><status>My desktop
 computer is online.  I am not.  Please try again later...</status><c
 xmlns="http://jabber.org/protocol/caps" node="http://pidgin.im/caps"
 ver="2.4.1" ext="moodn nickn tunen avatar"/><x xmlns="vcard-
 temp:x:update"><photo>57c7617952cf2ddc707153466a23da3976f2da10</photo></x></presence>
 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5

 15:08:42: (Libpurple: jabber) Recv (ssl)(206): <iq type="result"
 to="raeburn at mit.edu/Adiumi985" id="purple50a00882"
 from="somebody3 at mit.edu/Pidgin"><query
 xmlns="jabber:iq:version"><name>Pidgin</name><version>2.4.1 (libpurple
 2.4.1)</version></query></iq>
 15:08:42: (Libpurple: jabber) XML parser error for JabberStream 0x0:
 Domain 1, code 5, level 3: Extra content at the end of the document

 15:08:42: (Libpurple: jabber) xmlParseChunk returned error 5
 15:08:42: Connection Disconnected: gc=afece70 (XML Parse error)
 }}}
 We handle the error 9 (invalid character)... but the document is then in
 an ended state.  We continue to fail from there.

 I guess we may just need to depend upon servers updating to the latest
 version of OpenFire, as this is a serverside problem which exposes all
 XML-compliant clients to DOS.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/6031#comment:18>
Pidgin <http://pidgin.im>
Pidgin