[Pidgin] #5910: Jabber - protocol connection for server broken while sending too long buffer over SASL-encrypted channel
Pidgin
trac at pidgin.im
Mon Jun 9 16:10:11 EDT 2008
#5910: Jabber - protocol connection for server broken while sending too long
buffer over SASL-encrypted channel
----------------------+-----------------------------------------------------
Reporter: geekkoo | Owner: nwalp
Type: patch | Status: new
Priority: minor | Milestone:
Component: XMPP | Version: 2.4.1
Resolution: | Keywords: XMPP, Jabber, encryption, security layer
Pending: 0 |
----------------------+-----------------------------------------------------
Comment (by geekkoo):
Replying to [comment:5 deryni]:
> Ignoring the specific details of this issue, if a message cannot be sent
because it exceeds SASL_MAXOUTBUF how will it ever be able to be sent? If
it cannot ever be sent how do you handle that given your understanding of
what the client is supposed to do (given what you believe jabberd2
expects)?
I mean this code:
pidgin-2.4.1/libpurple/protocols/jabber/jabber.c
line 292
{{{
....
#ifdef HAVE_CYRUS_SASL
if (js->sasl_maxbuf>0) {
int pos;
if (!js->gsc && js->fd<0)
return;
pos = 0;
if (len == -1)
len = strlen(data);
while (pos < len) {
int towrite;
const char *out;
unsigned olen;
if ((len - pos) < js->sasl_maxbuf)
towrite = len - pos;
else
towrite = js->sasl_maxbuf;
sasl_encode(js->sasl, &data[pos], towrite, &out, &olen);
pos += towrite;
printf("olen = %i\n",olen);
if (js->writeh == 0)
ret = jabber_do_send(js, out, olen);
else {
ret = -1;
errno = EAGAIN;
}
printf("ret = %i\n",ret);
if (ret < 0 && errno != EAGAIN)
purple_connection_error_reason (js->gc,
PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
_("Write error"));
else if (ret < olen) {
if (ret < 0)
ret = 0;
if (js->writeh == 0)
js->writeh = purple_input_add(
js->gsc ? js->gsc->fd : js->fd,
PURPLE_INPUT_WRITE,
jabber_send_cb, js);
purple_circ_buffer_append(js->write_buffer,
out + ret, olen - ret);
}
}
return;
}
#endif
....
}}}
It is OK - in while loop message is split in SASL_MAXOUTBUF chunks. But if
jabber_do_send could not send the chunk at once (so {{{ret<outlen}}}) then
its remaining part is put into {{{js->write_buffer}}}
({{{purple_circ_buffer_append}}}).
Here in the code I have put two "printf". Usually output looks like:
{{{
...
olen=1024
ret=1024
olen=1024
ret=1024
...
}}}
When the connection is about to broke the output is like:
{{{
...
olen=1024
ret=1024
olen=1024
ret=656
olen=1024
ret=-1
olen=1024
ret=-1
...
}}}
and this message does not reach server. Looking into the server logs
suggests that the last decoded message is the one that was not truncated.
--
Ticket URL: <http://developer.pidgin.im/ticket/5910#comment:6>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list