[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts
Pidgin
trac at pidgin.im
Fri Apr 29 03:56:50 EDT 2011
#11110: Pidgin appears to leak DNS for Jabber accounts
-------------------------------------+--------------------------------------
Reporter: ioerror | Owner: deryni
Type: defect | Status: closed
Milestone: 2.8.0 | Component: XMPP
Version: | Resolution: fixed
Keywords: jabber security privacy |
-------------------------------------+--------------------------------------
Comment(by ioerror):
For some reason, I had no host, port, username or password config boxes
during any of this testing - however, I noticed a small mistake that once
changed, I somehow had fields to fill in. In proxy.h, the PurpleProxyType
def appeared to be reversed and this caused the UI to not show the proper
GTK widgets and all hell broke loose. The proxy now fails closed when the
information is empty.
It was:
{{{
    PURPLE_PROXY_USE_ENVVAR, /**< Use environmental settings. */
    PURPLE_PROXY_TOR /**< Use a Tor proxy (SOCKS 5 really) */
}}}
It is now:
{{{
    PURPLE_PROXY_TOR, /**< Use a Tor proxy (SOCKS 5 really) */
    PURPLE_PROXY_USE_ENVVAR /**< Use environmental settings. */
}}}
With that switch, I have a proxy type that emits the proper xml into
accounts.xml and it connects over Tor (as configured)!
With a proxy that is unreachable - we get this error (as expected):
{{{
(00:42:10) proxy: Attempting connection to 127.0.0.1
(00:42:10) proxy: Connecting to jabber.ccc.de:5222 via 127.0.0.1:1 using SOCKS5
(00:42:10) socks5 proxy: Connection in progress
(00:42:10) socks5 proxy: Connected.
(00:42:10) proxy: Connection attempt failed: Connection refused
(00:42:10) jabber: Couldn't connect directly to jabber.ccc.de. Trying to find alternative connection methods, like BOSH.
(00:42:10) dnssrv: Aborting TXT lookup in Tor Proxy mode.(00:42:10) jabber: Unable to find alternative XMPP connection methods after failing to connect directly.
(00:42:10) connection: Connection error on 0x7ffff8e388c0 (reason: 0 description: Unable to connect)
(00:42:10) account: Disconnecting account xxxx at jabber.ccc.de/ccc (0x7ffff82fee60)
}}}
With a proxy that is reachable:
{{{
(00:43:16) account: Connecting to account xxxx at jabber.ccc.de/ccc.
(00:43:16) connection: Connecting. gc = 0x7ffff8e52fa0
(00:43:16) dnsquery: Performing DNS lookup for 127.0.0.1
(00:43:16) dnsquery: IP resolved for 127.0.0.1
(00:43:16) proxy: Attempting connection to 127.0.0.1
(00:43:16) proxy: Connecting to jabber.ccc.de:5222 via 127.0.0.1:9050 using SOCKS5
(00:43:16) socks5 proxy: Connection in progress
(00:43:16) socks5 proxy: Connected.
(00:43:16) socks5 proxy: Able to read.
(00:43:16) s5: reallocing from 5 to 8
(00:43:16) s5: reallocing from 8 to 10
(00:43:16) proxy: Connected to jabber.ccc.de:5222.
}}}
So - the one change that needs to be done for your branch is the following
patch:
{{{
diff -U 1 pidgin-mtn/libpurple/proxy.h pidgin-mtn-fixed/libpurple/proxy.h
--- pidgin-mtn/libpurple/proxy.h 2011-04-28 04:05:25.000000000
-0700
+++ pidgin-mtn-fixed/libpurple/proxy.h 2011-04-29 00:33:16.982350763
-0700
@@ -41,4 +41,4 @@
PURPLE_PROXY_SOCKS5, /**< SOCKS 5 proxy.
*/
- PURPLE_PROXY_USE_ENVVAR, /**< Use environmental settings.
*/
- PURPLE_PROXY_TOR /**< Use a Tor proxy (SOCKS 5
really) */
+ PURPLE_PROXY_TOR, /**< Use a Tor proxy (SOCKS 5
really) */
+ PURPLE_PROXY_USE_ENVVAR /**< Use environmental settings.
*/
}}}
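Review bot: The two enumerators swapped at the end of the enum (PURPLE_PROXY_TOR and PURPLE_PROXY_USE_ENVVAR) have no explicit values, so the reorder silently changes the integer each name maps to, and the comment above reports that the UI already depends on that order. Add a comment beside these entries stating that their order must stay in sync with the proxy-type widgets, or assign explicit values, so a later insertion cannot break the Tor option again. Note also that PURPLE_PROXY_USE_ENVVAR now sits one position later than in the pre-patch header, which matters to anything compiled against or persisted with the old numbering.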
After applying the above patch, I did the following:
{{{
patch -p1 < ../configure.ac-hardening.patch
./autogen.sh
./configure --disable-screensaver --disable-gstreamer --disable-vv \
    --disable-idn --disable-meanwhile --disable-dbus --disable-perl \
    --disable-tcl --enable-gnutls=no --enable-nss=yes --disable-consoleui \
    --enable-gcc-hardening --enable-linker-hardening
time make
sudo make install
}}}
Everything appears to be basically functional and I'll test for leaks with
XMPP next.
--
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:49>
Pidgin <http://pidgin.im>
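
The leak test mentioned at the end of the comment can be partly automated by scanning the debug log for local lookups of anything other than the proxy host. The following is an added example, not part of the ticket or of Pidgin's code; it assumes only the `dnsquery:` and `proxy:` line formats visible in the logs above, and the function names and the leak line are constructed for illustration.

```python
import re

STAMP = re.compile(r"\((\d{2}:\d{2}:\d{2})\) ")   # debug-log timestamp prefix
LOOKUP = re.compile(r"^dnsquery: Performing DNS lookup for (\S+)")
VIA = re.compile(r"^proxy: Connecting to \S+ via (\S+):\d+ using")

def messages(log_text):
    """Yield (timestamp, message) pairs, undoing line wraps and fused entries."""
    text = " ".join(log_text.split())      # rejoin lines wrapped by mail or terminal
    parts = STAMP.split(text)              # ['', ts1, msg1, ts2, msg2, ...]
    for ts, msg in zip(parts[1::2], parts[2::2]):
        yield ts, msg.strip()

def find_dns_leaks(log_text, proxy_hosts=()):
    """Return (timestamp, hostname) for each local lookup that is not the proxy."""
    msgs = list(messages(log_text))
    allowed = set(proxy_hosts)
    for _, msg in msgs:                    # pass 1: learn proxy hosts from "via" lines
        m = VIA.match(msg)
        if m:
            allowed.add(m.group(1))
    leaks = []
    for ts, msg in msgs:                   # pass 2: flag every other lookup
        m = LOOKUP.match(msg)
        if m and m.group(1) not in allowed:
            leaks.append((ts, m.group(1)))
    return leaks

# Reachable-proxy excerpt from the ticket, wrapped as it appears in the mail.
FROM_TICKET = """\
(00:43:16) dnsquery: Performing DNS lookup for 127.0.0.1
(00:43:16) dnsquery: IP resolved for 127.0.0.1
(00:43:16) proxy: Connecting to jabber.ccc.de:5222 via 127.0.0.1:9050
using SOCKS5
(00:43:16) proxy: Connected to jabber.ccc.de:5222.
"""
# Constructed line (not from the ticket): a local lookup of the server name.
CONSTRUCTED_LEAK = (FROM_TICKET +
    "(00:43:17) dnsquery: Performing DNS lookup for jabber.ccc.de\n")

if __name__ == "__main__":
    for name, log in (("ticket", FROM_TICKET), ("constructed", CONSTRUCTED_LEAK)):
        print(name, find_dns_leaks(log))
```

A clean result only shows that no lookup was logged; a packet capture on port 53 during login remains the authoritative check.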