[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts
Pidgin
trac at pidgin.im
Fri Jan 8 21:26:36 EST 2010
#11110: Pidgin appears to leak DNS for Jabber accounts
-------------------------------------+--------------------------------------
Reporter: ioerror | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.6.4 | Resolution:
Keywords: jabber security privacy |
-------------------------------------+--------------------------------------
Comment(by ioerror):
I spent a little more time looking at the call graph manually. It does
look like jabber_stream_connect() will call jabber_login_connect() if
connect_server[0] isn't empty (this somehow should be expressed to the
user, I think).
In any case, that will only skip the first possible SRV record resolution
attempt. Eventually the flow of execution will hit jabber_login_callback()
and *possibly* trigger the above mentioned SRV requests. However, this
doesn't appear to be the source of my leaking. Still, it seems fragile and
should be more explicit, I think.
It looks like js->stun_query is probably closer to the root of the issue.
I think that at some point in the call graph, pidgin thinks that it needs
to make a DNS query for an STUN server. It looks like
purple_network_set_stun_server() (line 867 of libpurple/network.c) will
make a call to purple_dnsquery_a(). This is invoked by
purple_network_init() and so it's likely the source of the leak for people
without every tab (other than the BOSH field) in the advanced tab filled
in...
--
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:7>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list