[Pidgin] #12170: Pidgin repeatedly disconnects from jabber, if there're messages containing  in a conference

Pidgin trac at pidgin.im
Tue Jun 15 09:50:37 EDT 2010


#12170: Pidgin repeatedly disconnects from jabber, if there're messages containing
 in a conference
----------------------------------------------------+-----------------------
 Reporter:  sergem                                  |        Owner:  deryni   
     Type:  rejected_patch                          |       Status:  closed   
Milestone:                                          |    Component:  XMPP     
  Version:  2.7.0                                   |   Resolution:  duplicate
 Keywords:  xmpp jabber disconnect chat conference  |  
----------------------------------------------------+-----------------------

Comment(by sergem):

 > It's a bug in Openfire, which MUST NOT accept malformed XML

 My report is not about a bug in Openfire. It's about a bug in libpurple,
 that allows others to make a DoS-attack against it. You're explaining why
 this problem appeared (because of bug in openfire). I don't mind about
 that. But it's still a problem of pidgin, that is not present in other
 jabber clients, and that CAN be fixed in libpurple. Then why not fixing
 it?

 Yes, it APPEARED because of bug in Openfire (or any other server). But
 this IS A BUG in libpurple, that can be exploited using the Openfire bug.

 Are there any reasons not to fix it?

 > An XMPP entity MUST NOT generate data that is not XML-well-formed. ...

 BTW, why these 4 characters () form a message, that is not XML-well-
 formed?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/12170#comment:3>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list