[Pidgin] #6031: ASCII control characters cause problems with libpurple clients

Pidgin trac at pidgin.im
Mon May 31 08:14:55 EDT 2010


#6031: ASCII control characters cause problems with libpurple clients
--------------------+-------------------------------------------------------
 Reporter:  dhawes  |        Owner:  deryni 
     Type:  defect  |       Status:  closed 
Milestone:          |    Component:  XMPP   
  Version:  2.4.2   |   Resolution:  invalid
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by sergem):

 You look at this bug wrongly. This IS a bug in libpurple, since it allows a
 DoS attack against it.

 Steps to reproduce a DoS attack:
  1. Connect to a Jabber conference with e.g. Psi.
  2. Send a message that contains ASCII char 1.
  3. See all libpurple clients disconnected.

 After that none of the libpurple clients would be able to connect to this
 conference, because after reconnection they would receive the last messages,
 including the one that makes them disconnect.

 And I suppose the attack can be done in many other ways (e.g. by setting a
 status message with such a character, or even just directly sending a
 message).

 Here's the patch to fix this problem:
 {{{
 #!patch
 diff -urN pidgin-2.7.0.orig/libpurple/protocols/jabber/parser.c
 pidgin-2.7.0/libpurple/protocols/jabber/parser.c
 --- pidgin-2.7.0.orig/libpurple/protocols/jabber/parser.c       2010-05-23
 23:24:54.000000000 +0300
 +++ pidgin-2.7.0/libpurple/protocols/jabber/parser.c    2010-05-23
 23:29:52.000000000 +0300
 @@ -285,9 +285,23 @@
                                 break;
                         case XML_ERR_FATAL:
                                 purple_debug_error("jabber",
 "xmlParseChunk returned fatal %i\n", ret);
 -                               purple_connection_error_reason (js->gc,
 -
 PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
 -                                                               _("XML
 Parse error"));
 +                               if ((ret >= XML_ERR_INVALID_HEX_CHARREF)
 && (ret <= XML_ERR_INVALID_CHAR)) {
 +                                       char *open_stream =
 g_strdup_printf("<stream:stream "
 +                                               "xmlns='" NS_XMPP_CLIENT
 "' "
 +                                               "xmlns:stream='"
 NS_XMPP_STREAMS "' "
 +                                               "id='%s' "
 +                                               "version='%d.%d'>",
 +                                               js->stream_id,
 +
 js->protocol_version.major, js->protocol_version.minor);
 +                                       jabber_parser_free(js);
 +                                       js->context =
 xmlCreatePushParserCtxt(&jabber_parser_libxml,
 +                                               js, open_stream,
 strlen(open_stream), NULL);
 +                                       g_free(open_stream);
 +                               } else {
 +                                       purple_connection_error_reason
 (js->gc,
 +
 PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
 +
 _("XML Parse error"));
 +                               }
                                 break;
                 }
         }

 }}}
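 Review bot: recreating the push parser after the fatal error resynchronises the stream only up to the synthesised `<stream:stream ...>` header; the rest of the chunk that contained the invalid character is never fed to the new context, so everything after the bad byte in that read (the remainder of the stanza, and any following stanzas that arrived in the same read) is silently lost, and the next chunk can begin mid-stanza, which will itself produce a parse error. At minimum the drop should be logged (`purple_debug_warning("jabber", ...)` alongside the existing `purple_debug_error`) so that a user who loses messages can see why; a sturdier fix would resume feeding from the next stanza boundary in the current chunk. The condition `if ((ret >= XML_ERR_INVALID_HEX_CHARREF) && (ret <= XML_ERR_INVALID_CHAR))` also depends on the numeric ordering of libxml2's `xmlParserErrors` enum rather than on the codes themselves; testing the specific codes explicitly (`ret == XML_ERR_INVALID_CHAR`, plus whichever charref codes are intended) makes the intent clear and does not swallow unrelated errors that happen to fall in that range. Minor: the `else` branch writes `purple_connection_error_reason (js->gc,` with a space before the parenthesis, which does not match the style of the removed lines.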

 This patch ignores all "incorrect-char" messages. IMO it would be better
 if pidgin displayed them; after all, UTF-8 allows them to be shown, but losing
 some messages is better than not being able to log in at all.

 PS: I cannot reopen this bug but I hope some pidgin developers will look
 through it.

 PPS: I personally got into this problem and had to find a fast solution,
 because I could not connect to jabber any more. Here is my solution. :)

-- 
Ticket URL: <http://developer.pidgin.im/ticket/6031#comment:27>
Pidgin <http://pidgin.im>
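The root cause the commenter describes is that a byte such as ASCII 0x01 is not a legal character in XML 1.0 at all (the Char production allows only TAB, LF, CR and code points from U+0020 upward, minus surrogates and U+FFFE/U+FFFF), so libxml2's push parser reports a fatal error the moment it reaches it. The following is an added example, not code from the ticket or from libpurple: a small standalone check in C that locates the first character a conformant XML 1.0 parser would reject, and a sanitiser that replaces such characters with U+FFFD so a message body can be accepted or logged without tearing down the connection. The function names and the sample message are constructed for this illustration; the UTF-8 decoder is written out here rather than taken from glib.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XML 1.0 "Char" production: the only code points a well-formed document may contain. */
bool xml10_char_ok(uint32_t cp) {
    return cp == 0x09 || cp == 0x0A || cp == 0x0D ||
           (cp >= 0x20 && cp <= 0xD7FF) ||
           (cp >= 0xE000 && cp <= 0xFFFD) ||
           (cp >= 0x10000 && cp <= 0x10FFFF);
}

/* Decode one UTF-8 sequence from s[0..n). Returns bytes consumed, or 0 if the
 * bytes are not valid UTF-8 (truncated, bad continuation, overlong, surrogate). */
static size_t utf8_decode(const unsigned char *s, size_t n, uint32_t *cp) {
    if (n == 0) return 0;
    unsigned char b = s[0];
    size_t len;
    uint32_t v;
    if (b < 0x80)              { len = 1; v = b; }
    else if ((b & 0xE0) == 0xC0) { len = 2; v = b & 0x1F; }
    else if ((b & 0xF0) == 0xE0) { len = 3; v = b & 0x0F; }
    else if ((b & 0xF8) == 0xF0) { len = 4; v = b & 0x07; }
    else return 0;
    if (n < len) return 0;
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        v = (v << 6) | (s[i] & 0x3F);
    }
    if ((len == 2 && v < 0x80) || (len == 3 && v < 0x800) || (len == 4 && v < 0x10000)) return 0;
    if (v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF)) return 0;
    *cp = v;
    return len;
}

/* Byte offset of the first character XML 1.0 does not allow (malformed UTF-8
 * counts too, since a parser rejects that as well), or -1 if the text is clean. */
long xml10_first_bad(const char *text, size_t len) {
    const unsigned char *s = (const unsigned char *)text;
    size_t i = 0;
    while (i < len) {
        uint32_t cp;
        size_t k = utf8_decode(s + i, len - i, &cp);
        if (k == 0 || !xml10_char_ok(cp)) return (long)i;
        i += k;
    }
    return -1;
}

/* Copy text to out, replacing every disallowed character (or stray byte) with
 * U+FFFD. out needs room for 3*len+1 bytes. Returns the number of replacements. */
size_t xml10_sanitize(const char *text, size_t len, char *out) {
    const unsigned char *s = (const unsigned char *)text;
    size_t i = 0, o = 0, replaced = 0;
    while (i < len) {
        uint32_t cp;
        size_t k = utf8_decode(s + i, len - i, &cp);
        if (k == 0 || !xml10_char_ok(cp)) {
            memcpy(out + o, "\xEF\xBF\xBD", 3);   /* U+FFFD REPLACEMENT CHARACTER */
            o += 3;
            replaced++;
            i += (k == 0) ? 1 : k;                /* skip one bad byte, or the whole bad char */
        } else {
            memcpy(out + o, s + i, k);
            o += k;
            i += k;
        }
    }
    out[o] = '\0';
    return replaced;
}

int main(void) {
    /* Constructed sample: a chat body carrying the ASCII 0x01 byte from the ticket,
     * followed by a legitimate two-byte UTF-8 character (U+00E9). */
    const char msg[] = "hello\x01world \xC3\xA9";
    size_t len = sizeof msg - 1;
    char clean[3 * sizeof msg];
    long bad = xml10_first_bad(msg, len);
    size_t n = xml10_sanitize(msg, len, clean);
    printf("first disallowed byte at offset %ld, %zu replaced -> %s\n", bad, n, clean);
    return 0;
}
```

Running the check on an incoming stanza body (or, on the sending side, on the text a client is about to put on the wire) gives a per-message decision instead of the connection-level failure the ticket describes: a body that fails `xml10_first_bad` can be dropped or sanitised and logged, while the stream itself keeps going.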