[Pidgin] #6031: ASCII control characters cause problems with libpurple clients
Pidgin
trac at pidgin.im
Mon May 31 08:14:55 EDT 2010
#6031: ASCII control characters cause problems with libpurple clients
--------------------+-------------------------------------------------------
Reporter: dhawes | Owner: deryni
Type: defect | Status: closed
Milestone: | Component: XMPP
Version: 2.4.2 | Resolution: invalid
Keywords: |
--------------------+-------------------------------------------------------
Comment(by sergem):
You look at this bug wrong. This IS a bug in libpurple, since it allows a
DoS-attack against it.
Steps to reproduce a DoS attack:
1. Connect to Jabber conference with e.g. psi.
2. Send a message that contains ASCII char 1
3. See all libpurple clients disconnected.
After that none of the libpurple clients would be able to connect to this
conference, because after reconnection they would receive the last messages,
including the one that makes them disconnect.
And I suppose the attack can be done in many other ways (e.g. by setting a
status message with such a character, or even just directly sending a
message).
Here's the patch to fix this problem
{{{
#!patch
diff -urN pidgin-2.7.0.orig/libpurple/protocols/jabber/parser.c
pidgin-2.7.0/libpurple/protocols/jabber/parser.c
--- pidgin-2.7.0.orig/libpurple/protocols/jabber/parser.c 2010-05-23
23:24:54.000000000 +0300
+++ pidgin-2.7.0/libpurple/protocols/jabber/parser.c 2010-05-23
23:29:52.000000000 +0300
@@ -285,9 +285,23 @@
break;
case XML_ERR_FATAL:
purple_debug_error("jabber",
"xmlParseChunk returned fatal %i\n", ret);
- purple_connection_error_reason (js->gc,
-
PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
- _("XML
Parse error"));
+ if ((ret >= XML_ERR_INVALID_HEX_CHARREF)
&& (ret <= XML_ERR_INVALID_CHAR)) {
+ char *open_stream =
g_strdup_printf("<stream:stream "
+ "xmlns='" NS_XMPP_CLIENT
"' "
+ "xmlns:stream='"
NS_XMPP_STREAMS "' "
+ "id='%s' "
+ "version='%d.%d'>",
+ js->stream_id,
+
js->protocol_version.major, js->protocol_version.minor);
+ jabber_parser_free(js);
+ js->context =
xmlCreatePushParserCtxt(&jabber_parser_libxml,
+ js, open_stream,
strlen(open_stream), NULL);
+ g_free(open_stream);
+ } else {
+ purple_connection_error_reason
(js->gc,
+
PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
+
_("XML Parse error"));
+ }
break;
}
}
}}}
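Review bot: in the recovery branch added under `case XML_ERR_FATAL`, the result of `xmlCreatePushParserCtxt(...)` is stored in `js->context` without a NULL check, and `js->stream_id` is formatted with `%s` into the synthesized `<stream:stream ...>` header without checking that it is set or escaping it for a single-quoted attribute. I would check both and fall back to the existing `purple_connection_error_reason` call on failure. Two smaller points: the range test `ret >= XML_ERR_INVALID_HEX_CHARREF && ret <= XML_ERR_INVALID_CHAR` depends on the numeric ordering of libxml2's error enum, so explicit comparisons against the intended codes (or a short comment listing them) would be clearer; and because the parser is discarded mid-stanza, whatever arrives after the bad character is fed to a fresh context positioned just after the stream header, so the remainder of that stanza may itself fail to parse and land in the `else` branch anyway. A comment stating how the stream is expected to resynchronise would help.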
This patch ignores all "incorrect-char" messages. IMO it would be better
if pidgin displayed them, after all UTF8 allows them to be seen, but losing
some messages is better than not being able to login at all.
PS: I cannot reopen this bug but I hope some pidgin developers will look
through it.
PPS: I personally got into this problem and had to find a fast solution,
because I could not connect to jabber any more. Here is my solution. :)
--
Ticket URL: <http://developer.pidgin.im/ticket/6031#comment:27>
Pidgin <http://pidgin.im>
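An added example, not part of the ticket comment or of libpurple: a check for the condition behind `XML_ERR_INVALID_CHAR`, locating the first byte sequence in a message body that is malformed UTF-8 or falls outside the XML 1.0 `Char` range (which excludes U+0001). The function names are hypothetical, and the buffer is assumed to hold a complete message body rather than a partial network read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* XML 1.0 "Char" production: the only code points a conforming parser
 * accepts in a document. U+0001 is not among them. */
static int xml10_char_ok(uint32_t cp)
{
    return cp == 0x9 || cp == 0xA || cp == 0xD ||
           (cp >= 0x20 && cp <= 0xD7FF) ||
           (cp >= 0xE000 && cp <= 0xFFFD) ||
           (cp >= 0x10000 && cp <= 0x10FFFF);
}

/* Hypothetical helper: byte offset of the first sequence in buf that is
 * malformed UTF-8 or decodes to a code point outside the XML 1.0 Char
 * range, or -1 if the whole buffer is acceptable. */
long xml10_first_bad_offset(const unsigned char *buf, size_t len)
{
    size_t i = 0, k, n;
    while (i < len) {
        unsigned char b = buf[i];
        uint32_t cp;
        if (b < 0x80)                { cp = b;        n = 1; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; n = 2; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; n = 3; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; n = 4; }
        else return (long)i;              /* stray continuation or bad lead byte */
        if (n > len - i) return (long)i;  /* truncated multi-byte sequence */
        for (k = 1; k < n; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) return (long)i;
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        /* Overlong forms could smuggle a control character past a byte scan. */
        if ((n == 2 && cp < 0x80) || (n == 3 && cp < 0x800) ||
            (n == 4 && cp < 0x10000)) return (long)i;
        if (!xml10_char_ok(cp)) return (long)i;
        i += n;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: a message body carrying ASCII char 1. */
    static const unsigned char body[] = "hi\x01" "there";
    printf("first bad offset: %ld\n", xml10_first_bad_offset(body, sizeof body - 1));
    return 0;
}
```

This inspects raw text only; numeric character references such as `&#1;`, which the patch's range check also covers, would need a separate pass.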